QwikSec

Security Database

CVE

CWE

Training

CWE Database
/

CWE-383

Back to CWE list

CWE-383

J2EE Bad Practices: Direct Use of Threads

Variant
Draft

Description

Thread management in a Web application is forbidden in some circumstances and is always highly error prone.

Thread management in a web application is forbidden by the J2EE standard in some circumstances and is always highly error prone. Managing threads is difficult and is likely to interfere in unpredictable ways with the behavior of the application container. Even without interfering with the container, thread management usually leads to bugs that are hard to detect and diagnose like deadlock, race conditions, and other synchronization errors.

Common Consequences

Scope

Other

Impact

Quality Degradation

Potential Mitigations

Architecture and Design

For EJB, use framework approaches for parallel execution, instead of using threads.

Applicable Platforms

Java

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now