Comment: Parasoft Jtest 2020.2

...

Failure to restore prior object state on method failure can leave the object in an inconsistent state and can violate required state invariants.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ERR03-J | Low | Probable | High | P2 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Parasoft Jtest | Include Page Parasoft_V | BD.PB.REVOBJ | Restore prior object state on method failure |

Related Vulnerabilities

CVE-2008-0002 describes a vulnerability in several versions of Apache Tomcat. If an exception occurs during parameter processing, the program can be left in the context of the wrong request, which might allow remote attackers to obtain sensitive information. An exception can be triggered by disconnecting from Tomcat during this processing.
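
The failure mode this rule targets, and one way to avoid it, shown as an added example that is not code from this guideline, from Tomcat, or from Parasoft. The `Ledger` class, its methods and the sample batch are hypothetical and constructed for illustration; the compliant version does all fallible work on local copies and commits only after nothing can throw.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical class for illustration. Invariant: total == sum of entries.
public class Ledger {
    private List<Long> entries = new ArrayList<>();
    private long total = 0;

    // Noncompliant: mutates fields while validating. A rejected amount leaves
    // the earlier amounts applied; an overflow leaves an entry recorded that
    // is not reflected in total, which breaks the invariant.
    public void applyBatchUnsafe(List<Long> amounts) {
        for (long a : amounts) {
            if (a <= 0) throw new IllegalArgumentException("non-positive amount: " + a);
            entries.add(a);
            total = Math.addExact(total, a); // throws ArithmeticException on overflow
        }
    }

    // Compliant: validate and compute on copies, then commit with plain
    // assignments that cannot throw. Any exception leaves the fields untouched.
    public void applyBatch(List<Long> amounts) {
        List<Long> newEntries = new ArrayList<>(entries);
        long newTotal = total;
        for (long a : amounts) {
            if (a <= 0) throw new IllegalArgumentException("non-positive amount: " + a);
            newEntries.add(a);
            newTotal = Math.addExact(newTotal, a);
        }
        entries = newEntries;
        total = newTotal;
    }

    public long total() { return total; }
    public int size() { return entries.size(); }

    public static void main(String[] args) {
        List<Long> batch = List.of(10L, 20L, -5L); // constructed input; third item is invalid

        Ledger unsafe = new Ledger();
        try { unsafe.applyBatchUnsafe(batch); } catch (IllegalArgumentException e) { /* expected */ }
        System.out.println("unsafe: size=" + unsafe.size() + " total=" + unsafe.total());

        Ledger safe = new Ledger();
        try { safe.applyBatch(batch); } catch (IllegalArgumentException e) { /* expected */ }
        System.out.println("safe:   size=" + safe.size() + " total=" + safe.total());
    }
}
```

After the failed call, the first object still holds the two amounts processed before the exception, while the second is unchanged from its state before the call.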

Related Guidelines

MITRE CWE: CWE-460, Improper Cleanup on Thrown Exception

Bibliography

[Bloch 2008]: Item 64, "Strive for Failure Atomicity"

...


...