CWE-105

Struts: Form Field Without Validator

Variant

Draft

Description

The product has a form field that is not validated by a corresponding validation form, which can introduce other weaknesses related to insufficient input validation.

Omitting validation for even a single input field may give attackers the leeway they need to compromise the product. Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.

Parent Weaknesses (ChildOf)

CWE-1173: Improper Use of Validation Fra...

CWE-20: Improper Input Validation...

Common Consequences

Scope

Integrity

Impact

Unexpected State

Scope

Integrity

Impact

Bypass Protection Mechanism

Potential Mitigations

Implementation

Validate all form fields. If a field is unused, it is still important to constrain it so that it is empty or undefined.

Applicable Platforms

Java

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now