Détail du CWE-477

The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.

As programming languages evolve, functions occasionally become obsolete due to:

• Advances in the language
• Improved understanding of how operations should be performed effectively and securely
• Changes in the conventions that govern certain operations

Functions that are removed are usually replaced by newer counterparts that perform the same task in some different and hopefully improved way.

Modes d'introduction

Implementation

Plateformes applicables

Langue

Class: Not Language-Specific (Undetermined)

Conséquences courantes

Mesures d’atténuation potentielles

Phases : Implementation
Refer to the documentation for the obsolete function in order to determine why it is deprecated or obsolete and to learn about alternative ways to achieve the same functionality.
Phases : Requirements
Consider seriously the security implications of using an obsolete function. Consider using alternate functions.

Méthodes de détection

Automated Static Analysis - Binary or Bytecode

According to SOAR, the following detection techniques may be useful:

Efficacité : High

Manual Static Analysis - Binary or Bytecode

According to SOAR, the following detection techniques may be useful:

Efficacité : SOAR Partial

Dynamic Analysis with Manual Results Interpretation

According to SOAR, the following detection techniques may be useful:

Efficacité : High

Manual Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Efficacité : High

Automated Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Efficacité : High

Automated Static Analysis

According to SOAR, the following detection techniques may be useful:

Efficacité : High

Architecture or Design Review

According to SOAR, the following detection techniques may be useful:

Efficacité : High

Notes de cartographie des vulnérabilités

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Références

REF-6

Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors
Katrina Tsipenyuk, Brian Chess, Gary McGraw.
https://samate.nist.gov/SSATTM_Content/papers/Seven%20Pernicious%20Kingdoms%20-%20Taxonomy%20of%20Sw%20Security%20Errors%20-%20Tsipenyuk%20-%20Chess%20-%20McGraw.pdf

Soumission

Modifications