QwikSec

Security Database

CVE

CWE

Training

CWE Database
/

CWE-575

Back to CWE list

CWE-575

EJB Bad Practices: Use of AWT Swing

Variant
Draft

Description

The product violates the Enterprise JavaBeans (EJB) specification by using AWT/Swing.

The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the product violates the following EJB guideline: "An enterprise bean must not use the AWT functionality to attempt to output information to a display, or to input information from a keyboard." The specification justifies this requirement in the following way: "Most servers do not allow direct interaction between an application program and a keyboard/display attached to the server system."

Common Consequences

Scope

Other

Impact

Quality Degradation

Potential Mitigations

Architecture and Design

Do not use AWT/Swing when writing EJBs.

Applicable Platforms

Java

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now