CWE-383: J2EE Bad Practices: Direct Use of Threads

Description

Thread management in a Web application is forbidden in some circumstances and is always highly error prone.

Extended Description

Thread management in a web application is forbidden by the J2EE standard in some circumstances and is always highly error prone. Managing threads is difficult and is likely to interfere in unpredictable ways with the behavior of the application container. Even without interfering with the container, thread management usually leads to bugs that are hard to detect and diagnose like deadlock, race conditions, and other synchronization errors.

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

No observed examples available.

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	N/A

Common Consequences

Impact: Quality Degradation — Notes:

Potential Mitigations

Architecture and Design: For EJB, use framework approaches for parallel execution, instead of using threads. (N/A)

Applicable Platforms

Java (N/A, Undetermined)

Demonstrative Examples

Intro: In the following example, a new Thread object is created and invoked directly from within the body of a doGet() method in a Java servlet.

public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // Perform servlet tasks. ... // Create a new thread to handle background processing. Runnable r = new Runnable() { public void run() { // Process and store request statistics. ... } }; new Thread(r).start(); }

Notes

No notes available.

← Back to CWE list