Abstraction: Base · Status: Draft

CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context

Category: logic

Description

The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes.

Common consequences (1)

  • Confidentiality / Integrity / Availability — Read Application Data, Modify Application Data, DoS: Instability, DoS: Crash, Exit, or Restart
    If the shared variable contains sensitive data, it may be manipulated or displayed in another user session. If this data is used to control the application, its value can be manipulated to cause the application to crash or perform poorly.

Potential mitigations (1)

  • [Implementation] Remove the use of static variables used between servlets. If this cannot be avoided, use synchronized access for these variables.
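An illustration of the weakness and of the mitigation above, added here as an example and not part of the CWE entry or of MITRE's material. It simulates request threads hitting a servlet-like handler; the handler names, user names and request counts are constructed, and no servlet container is needed to run it.

```java
import java.util.concurrent.atomic.AtomicInteger;

public class Cwe567Demo {
    // Vulnerable pattern: static fields shared by every request thread with no synchronization.
    static int hitCount = 0;               // ++ is read-modify-write, so concurrent updates get lost
    static volatile String lastUser = null; // one request's data becomes visible to another request

    // Fixed pattern: shared counter updated only through a synchronized method,
    // and per-request data kept in local variables instead of static fields.
    static int safeHitCount = 0;

    // Counts requests that read back a user name written by a different request thread.
    static final AtomicInteger crossSessionReads = new AtomicInteger();

    static void handleUnsafe(String user) {
        lastUser = user;                  // "remember the current user" in a static field
        hitCount++;
        if (!user.equals(lastUser)) {     // another thread overwrote it in between
            crossSessionReads.incrementAndGet();
        }
    }

    static synchronized void handleSafe(String user) {
        String requestUser = user;        // request-scoped: invisible to other threads
        safeHitCount++;                   // guarded by the class monitor: no lost updates
    }

    // Runs `threads` simulated sessions of `perThread` requests each and returns the hit count.
    static int run(boolean safe, int threads, int perThread) throws InterruptedException {
        hitCount = 0; safeHitCount = 0; crossSessionReads.set(0);
        Thread[] workers = new Thread[threads];
        for (int t = 0; t < threads; t++) {
            final String user = "user-" + t;   // constructed session identity
            workers[t] = new Thread(() -> {
                for (int i = 0; i < perThread; i++) {
                    if (safe) handleSafe(user); else handleUnsafe(user);
                }
            });
            workers[t].start();
        }
        for (Thread w : workers) w.join();
        return safe ? safeHitCount : hitCount;
    }

    public static void main(String[] args) throws InterruptedException {
        int threads = 8, perThread = 200_000, expected = threads * perThread;
        int unsafeHits = run(false, threads, perThread);
        System.out.println("unsafe: hits=" + unsafeHits + " of " + expected
                + ", cross-session reads=" + crossSessionReads.get());
        System.out.println("safe:   hits=" + run(true, threads, perThread) + " of " + expected);
    }
}
```

On a multi-core machine the unsafe run typically reports fewer hits than expected and a non-zero number of cross-session reads, while the synchronized run always matches; `lastUser` is declared volatile only so the JIT cannot forward the store to the read and hide the race.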

Related CAPEC attack patterns (1)

  • CAPEC-25: Forced Deadlock

References

  1. https://cwe.mitre.org/data/definitions/567.html

Exploits (incoming) (1)

  Type            Target            Confidence   Tier
  AttackPattern   Forced Deadlock   100%         live
                  (CAPEC-25)

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Synchronization
  • CWE: Use of Singleton Pattern Without Synchronization in a Multithreaded Context
  • CWE: Singleton Class Instance Creation without Proper Locking or Synchronization
  • CWE: Incorrect Synchronization
  • CWE: Missing Synchronization
  • CWE: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.