CWE-106: Struts: Plug-in Framework not in Use

ID CWE-106

Abstraction Variant

Structure Simple

Status Draft

When an application does not use an input validation framework such as the Struts Validator, there is a greater risk of introducing weaknesses related to insufficient input validation.

Unchecked input is the leading cause of vulnerabilities in J2EE applications. Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others.

Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.

Modes of Introduction

Phase	Note
Implementation

Applicable Platforms

Type	Class	Name	Prevalence
Language		Java

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-1173	Improper Use of Validation Framework	Base	Simple	Draft
CWE-700	Seven Pernicious Kingdoms	Incomplete	CWE-20	Improper Input Validation	Class	Simple	Stable