Variant · Low-Medium

CWE-382: J2EE Bad Practices: Use of System.exit()

A J2EE application uses System.exit(), which also shuts down its container.

CWE-382 · Variant Level · 4 Mitigations

Description

A J2EE application uses System.exit(), which also shuts down its container.

It is never a good idea for a web application to attempt to shut down the application container. Access to a function that can shut down the application is an avenue for Denial of Service (DoS) attacks.

Potential Impact

Availability

DoS: Crash, Exit, or Restart

Demonstrative Examples

Included in the doPost() method defined below is a call to System.exit() in the event of a specific exception.
Bad

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            ...
        } catch (ApplicationSpecificException ase) {
            logger.error("Caught: " + ase.toString());
            // Exits the JVM, which also shuts down the container.
            System.exit(1);
        }
    }

Mitigations & Prevention

Architecture and Design

The shutdown function should be a privileged function available only to a properly authorized administrative user.

Implementation

Web applications should not call methods that cause the virtual machine to exit, such as System.exit().

Implementation

Web applications should also not throw any Throwables to the application server as this may adversely affect the container.

Implementation

Non-web applications may have a main() method that contains a System.exit(), but generally should not call System.exit() from other locations in the code.
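Applied to the doPost() example above, the two web-application mitigations look like the following. This is an added example, not code from the CWE entry: it fails only the current request and lets neither a JVM exit nor an unchecked exception reach the container. The class name HardenedServlet, the handle() and fail() helpers, the "item" parameter and the nested ApplicationSpecificException are assumptions made for illustration, and the javax.servlet API is assumed to be on the classpath.

```java
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class HardenedServlet extends HttpServlet {
    private static final Logger LOGGER = Logger.getLogger(HardenedServlet.class.getName());

    // Hypothetical stand-in for the ApplicationSpecificException named in the example.
    static class ApplicationSpecificException extends Exception {
        ApplicationSpecificException(String message) { super(message); }
    }

    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            handle(request, response);
        } catch (ApplicationSpecificException ase) {
            // Fail this request only: no System.exit(), so the JVM and container keep running.
            LOGGER.log(Level.SEVERE, "Caught application error", ase);
            fail(response);
        } catch (RuntimeException re) {
            // Stop unexpected unchecked exceptions from propagating to the application server.
            LOGGER.log(Level.SEVERE, "Unexpected error while handling POST", re);
            fail(response);
        }
    }

    // Constructed placeholder for the business logic elided as "..." in the example.
    private void handle(HttpServletRequest request, HttpServletResponse response)
            throws ApplicationSpecificException, IOException {
        String item = request.getParameter("item");
        if (item == null || item.isEmpty()) {
            throw new ApplicationSpecificException("request could not be processed");
        }
        response.setContentType("text/plain");
        response.getWriter().println("ok");
    }

    // Return a generic 500 without leaking exception details to the client.
    private static void fail(HttpServletResponse response) throws IOException {
        if (!response.isCommitted()) {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }
}
```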

Detection Methods

  • Automated Static Analysis High — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

Taxonomy Mappings

  • 7 Pernicious Kingdoms — J2EE Bad Practices: System.exit()
  • OWASP Top Ten 2004: A9 — Denial of Service
  • The CERT Oracle Secure Coding Standard for Java (2011): ERR09-J — Do not allow untrusted code to terminate the JVM
  • Software Fault Patterns: SFP3 — Use of an improper API

Frequently Asked Questions

What is CWE-382?

CWE-382 (J2EE Bad Practices: Use of System.exit()) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. A J2EE application uses System.exit(), which also shuts down its container.

How can CWE-382 be exploited?

Attackers can exploit CWE-382 (J2EE Bad Practices: Use of System.exit()) to cause a denial of service (DoS: crash, exit, or restart). This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-382?

Key mitigations include: The shutdown function should be a privileged function available only to a properly authorized administrative user

What is the severity of CWE-382?

CWE-382 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.