Exposure of Data Element to Wrong Session via Data Race Condition
Variants:
Direct
Also Known As:
Exposure of Data Element to Wrong Session, Singleton Member Field Race Condition, Shared Field Race Condition, Static Field Race Condition
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Synchronization, Session Management
Invented In:
01/01/1999
Added In:
25/12/2014
Vector Operation Method:
Private information can be leaked to unauthorized entities through a race condition on access to shared static variables or member fields in components such as servlets. Typical instances expose data from one session to another because of flaws that derive from memory leaks or from the use of static or persistent fields.
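Added example (not part of the original entry): a single handler instance shared by all request threads, as a servlet container would share one servlet, with the flawed member-field version beside a corrected one. The class names, session ids and account values are constructed for illustration, and the barrier is an assumption used only to force the racy interleaving on every run.

```python
import threading

class VulnerableHandler:
    """One instance serves every request thread, like a singleton servlet."""
    def __init__(self, barrier):
        self.barrier = barrier
        self.account = None              # per-request data kept in a shared field: the flaw

    def handle(self, session_id, account):
        self.account = account           # each request overwrites the same field
        self.barrier.wait()              # constructed pause: all writes land before any read
        return self.account              # may now hold another session's value

class SafeHandler:
    """Same handler with per-request data confined to the request's own stack."""
    def __init__(self, barrier):
        self.barrier = barrier

    def handle(self, session_id, account):
        local_account = account          # local variable, never visible to other threads
        self.barrier.wait()              # same interleaving as above
        return local_account

def run(handler_cls):
    # Constructed sample requests: session id -> private data for that session.
    requests = {"sess-A": "alice-4111", "sess-B": "bob-5500"}
    handler = handler_cls(threading.Barrier(len(requests)))   # one shared instance
    responses = {}

    def worker(session_id, account):
        responses[session_id] = handler.handle(session_id, account)

    threads = [threading.Thread(target=worker, args=item) for item in requests.items()]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return requests, responses

def leaked_sessions(handler_cls):
    """Return the sessions whose response carries data that belongs to another session."""
    requests, responses = run(handler_cls)
    return sorted(sid for sid, acct in requests.items() if responses[sid] != acct)

if __name__ == "__main__":
    print("vulnerable:", leaked_sessions(VulnerableHandler))
    print("safe:      ", leaked_sessions(SafeHandler))
```

Which of the two sessions receives the wrong data depends on thread scheduling, but with the shared field exactly one of them always does; the same check run in a test suite or code review flags any per-request value stored on a shared instance or static field.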