CWE-105 - Struts: Form Field Without Validator
- Abstraction: Variant
- Structure: Simple
- Status: Draft
- Weakness Name
Struts: Form Field Without Validator
- Description
The product has a form field that is not validated by a corresponding validation form, which can introduce other weaknesses related to insufficient input validation.
Omitting validation for even a single input field may give attackers the leeway they need to compromise the product. Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.
- Common Consequences
Scope: Integrity
Impact: Unexpected State
Scope: Integrity
Impact: Bypass Protection Mechanism
Notes: If unused fields are not validated, shared business logic in an action may allow attackers to bypass the validation checks that are performed for other uses of the form.
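The check described above can be automated by comparing the properties a form bean accepts against the fields declared in `validation.xml`. The following is an added example, not part of the CWE entry; the form class, the form-bean name `registrationForm`, and the sample sources are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: an ActionForm with three request-bindable properties.
FORM_SOURCE = """
public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {
    public void setName(String name) { this.name = name; }
    public void setEmail(String email) { this.email = email; }
    public void setReferrer(String referrer) { this.referrer = referrer; } // unused by the page
}
"""

# Constructed sample validation.xml: there is no <field> entry for "referrer".
VALIDATION_XML = """
<form-validation><formset>
  <form name="registrationForm">
    <field property="name" depends="required,maxlength">
      <var><var-name>maxlength</var-name><var-value>64</var-value></var>
    </field>
    <field property="email" depends="required,email"/>
  </form>
</formset></form-validation>
"""

def bound_properties(java_source):
    """Bean properties that can be populated from request parameters (public setters)."""
    names = re.findall(r"public\s+void\s+set([A-Z]\w*)\s*\(", java_source)
    # JavaBeans decapitalization: "Name" -> "name", but "URL" stays "URL".
    return {n if len(n) > 1 and n[:2].isupper() else n[0].lower() + n[1:] for n in names}

def validated_properties(xml_text, form_name):
    """Properties with a <field> entry that names at least one validator in 'depends'."""
    found = set()
    for form in ET.fromstring(xml_text).iter("form"):
        if form.get("name") != form_name:
            continue
        for field in form.iter("field"):
            if field.get("depends", "").strip():
                found.add(field.get("property"))
    return found

def unvalidated_fields(java_source, xml_text, form_name):
    """Form fields that reach the action without any validator: the CWE-105 condition."""
    return sorted(bound_properties(java_source) - validated_properties(xml_text, form_name))

if __name__ == "__main__":
    print(unvalidated_fields(FORM_SOURCE, VALIDATION_XML, "registrationForm"))
```

A field with an empty `depends` attribute is reported as unvalidated as well, since the entry exists but runs no validator.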
- Related Weaknesses
- Release Date: 2006-07-19
- Latest Modification Date: 2023-06-29