CWE-608
Struts: Non-private Field in ActionForm Class
Variant
Draft
Description
An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or getter.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Integrity
Confidentiality
Impact
Modify Application Data, Read Application Data
Potential Mitigations
Implementation
Make all fields private. Use a getter to read the value of a field. Setters should be used only by the framework; setting an action form field from other actions is bad practice and should be avoided.
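The mitigation above, as an added example that is not part of the CWE entry: a form with non-private fields beside its corrected version, plus a reflection check that lists the offending fields. The class names, the `ActionForm` stand-in (used so the code compiles without the Struts jar) and the choice to skip static fields are assumptions.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class ActionFormFieldAudit {
    // Assumption: stand-in for org.apache.struts.action.ActionForm, so no Struts jar is needed.
    static abstract class ActionForm { }

    // Weak: both fields can be read and written directly, bypassing the accessors.
    static class TransferFormWeak extends ActionForm {
        public String account;   // CWE-608: public field
        int amount;              // CWE-608: package-private field
    }

    // Corrected: private fields, reachable only through getters and setters.
    static class TransferFormFixed extends ActionForm {
        private String account;
        private int amount;
        public String getAccount() { return account; }
        public void setAccount(String account) { this.account = account; }
        public int getAmount() { return amount; }
        public void setAmount(int amount) { this.amount = amount; }
    }

    // Lists instance fields not declared private, walking up to the ActionForm base class.
    static List<String> nonPrivateFields(Class<?> form) {
        List<String> hits = new ArrayList<>();
        for (Class<?> c = form; c != null && c != ActionForm.class; c = c.getSuperclass()) {
            for (Field f : c.getDeclaredFields()) {
                int m = f.getModifiers();
                // Assumption: static (constant) and compiler-generated fields are out of scope.
                if (f.isSynthetic() || Modifier.isStatic(m)) continue;
                if (!Modifier.isPrivate(m)) hits.add(c.getSimpleName() + "." + f.getName());
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        System.out.println("weak:  " + nonPrivateFields(TransferFormWeak.class));
        System.out.println("fixed: " + nonPrivateFields(TransferFormFixed.class));
    }
}
```

The same check can run as a unit test over every form class in a code base, failing the build when the returned list is not empty.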
Applicable Platforms
Java