CWE-567
Unsynchronized Access to Shared Data in a Multithreaded Context
The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes.
Mitigation
Phase: Implementation
Description:
- Remove the use of static variables used between servlets. If this cannot be avoided, use synchronized access for these variables.
CAPEC-25: Forced Deadlock
The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.