CWE-105: Struts: Form Field Without Validator
ID | Abstraction | Structure | Status |
---|---|---|---|
CWE-105 | Variant | Simple | Draft |
The product has a form field that is not validated by a corresponding validation form, which can introduce other weaknesses related to insufficient input validation.
Omitting validation for even a single input field may give attackers the leeway they need to compromise the product. Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.
Modes of Introduction
Phase | Note |
---|---|
Implementation | Some products use the same ActionForm for more than one purpose. In situations like this, some fields may go unused under some action mappings. |
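
The following audit check is an added example, not part of the CWE entry: it compares the properties a form bean exposes through public setters against the `<field>` rules declared for that form in `validation.xml`, which also catches the shared-ActionForm case above. The class `RegistrationForm`, the form name `registrationForm`, and both sample inputs are constructed for illustration, and the regex-based setter scan is a simplification of real Java parsing.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: an ActionForm shared by two action mappings.
ACTION_FORM_SRC = """
public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {
    private String name, email, promoCode;  // promoCode used by one mapping only
    public void setName(String v) { name = v; }
    public void setEmail(String v) { email = v; }
    public void setPromoCode(String v) { promoCode = v; }
}
"""

# Constructed sample validation.xml (DOCTYPE omitted): no rule for promoCode.
VALIDATION_XML = """
<form-validation>
  <formset>
    <form name="registrationForm">
      <field property="name" depends="required,maxlength"/>
      <field property="email" depends="required,email"/>
    </form>
  </formset>
</form-validation>
"""

def bean_properties(java_src):
    """Properties the framework can populate from a request: one per public setter."""
    props = set()
    for name in re.findall(r"public\s+void\s+set([A-Z]\w*)\s*\(", java_src):
        # JavaBeans decapitalization: "URL" stays "URL", "PromoCode" -> "promoCode".
        if len(name) > 1 and name[1].isupper():
            props.add(name)
        else:
            props.add(name[0].lower() + name[1:])
    return props

def validated_properties(validation_xml, form_name):
    """Properties that have a <field> rule under the named <form>."""
    root = ET.fromstring(validation_xml.strip())
    return {f.get("property")
            for form in root.iter("form") if form.get("name") == form_name
            for f in form.findall("field")}

def unvalidated_fields(java_src, validation_xml, form_name):
    """Settable properties with no validator rule (the CWE-105 condition)."""
    return sorted(bean_properties(java_src) - validated_properties(validation_xml, form_name))

if __name__ == "__main__":
    print(unvalidated_fields(ACTION_FORM_SRC, VALIDATION_XML, "registrationForm"))
```

A form name with no entry in `validation.xml` reports every settable property, since none of them has a rule.
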
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | | Java | |