CWE-108

Struts: Unvalidated Action Form

Variant

Incomplete

Description

Every Action Form must have a corresponding validation form.

If a Struts Action Form Mapping specifies a form, it must have a validation form defined under the Struts Validator.

Parent Weaknesses (ChildOf)

CWE-1173: Improper Use of Validation Fra...

CWE-20: Improper Input Validation...

Common Consequences

Scope

Other

Impact

Other

Scope

Confidentiality

Integrity

Availability

Other

Impact

Other

Potential Mitigations

Implementation

Map every Action Form to a corresponding validation form. An action or a form may perform validation in other ways, but the Struts Validator provides an excellent way to verify that all input receives at least a basic level of validation. Without this approach, it is difficult, and often impossible, to establish with a high level of confidence that all input is validated.

Applicable Platforms

Java

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CWE-108

Struts: Unvalidated Action Form

Description

Relationships

Common Consequences

Potential Mitigations

Applicable Platforms