CWE-573

Improper Following of Specification by Caller

Class
Draft

Description

The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.

When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.

Common Consequences

Scope: Other

Impact: Quality Degradation, Varies by Context

Observed Examples

CVE-2006-7140: Crypto implementation removes padding when it shouldn't, allowing forged signatures

CVE-2006-4339: Crypto implementation removes padding when it shouldn't, allowing forged signatures

Applicable Platforms

Not Language-Specific
