CWE-109
Struts: Validator Turned Off
Variant
Draft
Description
Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to other weaknesses related to insufficient input validation.
Parent Weaknesses (ChildOf)
Common Consequences
Scope: Access Control
Impact: Bypass Protection Mechanism
Potential Mitigations
Implementation
Ensure that an action form mapping enables validation. Set the validate field to true.
Applicable Platforms
Java