CWE-477
Powiadomienia dla konkretnego CWE
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CWE.
Nazwa: Use of Obsolete Function
The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.
Informacje ogólne
Sposoby wprowadzenia
ImplementationOdpowiednie platformy
Język
Class: Not Language-Specific (Undetermined)Typowe konsekwencje
| Zakres | Wpływ | Prawdopodobieństwo |
|---|---|---|
| Other | Quality Degradation |
Potencjalne środki zaradcze
Phases : ImplementationRefer to the documentation for the obsolete function in order to determine why it is deprecated or obsolete and to learn about alternative ways to achieve the same functionality.
Phases : Requirements
Consider seriously the security implications of using an obsolete function. Consider using alternate functions.
Metody wykrywania
Automated Static Analysis - Binary or Bytecode
Skuteczność : HighManual Static Analysis - Binary or Bytecode
Skuteczność : SOAR PartialDynamic Analysis with Manual Results Interpretation
Skuteczność : HighManual Static Analysis - Source Code
Skuteczność : HighAutomated Static Analysis - Source Code
Skuteczność : HighAutomated Static Analysis
Skuteczność : HighArchitecture or Design Review
Skuteczność : HighUwagi dotyczące mapowania podatności
Uzasadnienie : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Komentarz : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Odniesienia
REF-6
Seven Pernicious Kingdoms: A Taxonomy of Software Security ErrorsKatrina Tsipenyuk, Brian Chess, Gary McGraw.
https://samate.nist.gov/SSATTM_Content/papers/Seven%20Pernicious%20Kingdoms%20-%20Taxonomy%20of%20Sw%20Security%20Errors%20-%20Tsipenyuk%20-%20Chess%20-%20McGraw.pdf
REF-1479
State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and EvaluationGregory Larsen, E. Kenneth Hong Fong, David A. Wheeler, Rama S. Moorthy.
https://www.ida.org/-/media/feature/publications/s/st/stateoftheart-resources-soar-for-software-vulnerability-detection-test-and-evaluation/p-5061.ashx
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania | Version |
|---|---|---|---|---|
| 7 Pernicious Kingdoms | Draft 3 |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| Eric Dalci | Cigital | updated Potential_Mitigations, Time_of_Introduction | |
| CWE Content Team | MITRE | updated Relationships, Other_Notes, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Other_Notes | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Description, Other_Notes, Potential_Mitigations | |
| CWE Content Team | MITRE | updated Detection_Factors, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Name, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Taxonomy_Mappings, Weakness_Ordinalities | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Detection_Factors, References | |
| CWE Content Team | MITRE | updated Relationships |
