CWE-383: J2EE Bad Practices: Direct Use of Threads

Description

Thread management in a Web application is forbidden in some circumstances and is always highly error prone.

Submission Date: July 19, 2006, midnight

Modification Date: 2023-06-29 00:00:00+00:00

Organization: MITRE

Extended Description

Thread management in a web application is forbidden by the J2EE standard in some circumstances and is always highly error prone. Managing threads is difficult and is likely to interfere in unpredictable ways with the behavior of the application container. Even without interfering with the container, thread management usually leads to bugs that are hard to detect and diagnose, such as deadlock, race conditions, and other synchronization errors.

Example Vulnerable Code

Example - 1

In the following example, a new Thread object is created and invoked directly from within the body of a doGet() method in a Java servlet.


    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // Perform servlet tasks.
        ...
        // Create a new thread to handle background processing.
        Runnable r = new Runnable() {
            public void run() {
                // Process and store request statistics.
                ...
            }
        };
        new Thread(r).start();
    }
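For contrast with the doGet() example above, the same background work can be handed to a thread pool that the container owns. This is an added example, not part of the CWE entry; it assumes a Java EE 7 or later container that provides the JSR 236 ManagedExecutorService, and the servlet name, URL pattern and recordStatistics() helper are hypothetical.

```java
import java.io.IOException;
import java.util.concurrent.RejectedExecutionException;
import javax.annotation.Resource;
import javax.enterprise.concurrent.ManagedExecutorService;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet name and URL pattern, chosen for this example.
@WebServlet("/stats-example")
public class StatsServlet extends HttpServlet {

    // Container-managed executor (JSR 236). With no name given, the
    // container injects java:comp/DefaultManagedExecutorService.
    @Resource
    private ManagedExecutorService executor;

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Copy what the task needs while the request is still valid; the
        // container may recycle the request object once doGet() returns.
        final String uri = request.getRequestURI();
        final long receivedAt = System.currentTimeMillis();

        try {
            // The container owns the thread: it applies its pool limits and
            // ties the task to the application's context and lifecycle.
            executor.submit(() -> recordStatistics(uri, receivedAt));
        } catch (RejectedExecutionException e) {
            // Pool saturated or shutting down: drop the statistics, serve the request.
            log("statistics task rejected", e);
        }
        response.setContentType("text/plain");
        response.getWriter().println("ok");
    }

    // Hypothetical stand-in for "process and store request statistics".
    private void recordStatistics(String uri, long receivedAt) {
        log("request " + uri + " received at " + receivedAt);
    }
}
```

The task captures only immutable copies of request data, which avoids the race where a background thread reads a request object the container has already reused for another client.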

Related Weaknesses

This table shows the weaknesses and high-level categories that are related to this weakness. These relationships give an overview of similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.