CWE-106: Struts: Plug-in Framework not in Use

Abstraction: Variant; Status: Draft

When an application does not use an input validation framework such as the Struts Validator, there is a greater risk of introducing weaknesses related to insufficient input validation.


Extended Description

Unchecked input is the leading cause of vulnerabilities in J2EE applications. Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others. Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.
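A configuration check for this weakness, as an added example that is not part of the original entry: it parses a Struts 1 struts-config.xml and reports when the Validator plug-in is not registered, is registered without rule files, or is bypassed by an action that sets validate to false. The function name, the com.example classes and both sample configurations are constructed for illustration.

```python
import xml.etree.ElementTree as ET

VALIDATOR_PLUGIN = "org.apache.struts.validator.ValidatorPlugIn"

def audit_struts_config(xml_text):
    """Return a list of findings for one Struts 1 struts-config.xml document."""
    root = ET.fromstring(xml_text)
    findings = []
    forms = [fb.get("name") for fb in root.iter("form-bean")]
    plugins = [p for p in root.iter("plug-in")
               if p.get("className") == VALIDATOR_PLUGIN]
    if not plugins:
        findings.append("ValidatorPlugIn not registered; form beans without Validator rules: "
                        + (", ".join(forms) or "none declared"))
    for plugin in plugins:
        rule_files = [sp.get("value", "") for sp in plugin.findall("set-property")
                      if sp.get("property") == "pathnames"]
        if not any(v.strip() for v in rule_files):
            findings.append("ValidatorPlugIn registered without 'pathnames' rule files")
    # validate defaults to true; an explicit false/no skips the form's validate() call.
    for action in root.iter("action"):
        if action.get("name") and action.get("validate", "true").lower() in ("false", "no"):
            findings.append("action %s disables validation" % action.get("path"))
    return findings

# Constructed sample: a form bean is declared, but no Validator plug-in.
WEAK_CONFIG = """<struts-config>
  <form-beans>
    <form-bean name="registrationForm" type="com.example.RegistrationForm"/>
  </form-beans>
  <action-mappings>
    <action path="/register" type="com.example.RegisterAction" name="registrationForm"/>
  </action-mappings>
</struts-config>"""

# Constructed sample: the same application with the plug-in and its rule files registered.
FIXED_CONFIG = WEAK_CONFIG.replace("</struts-config>", """  <plug-in className="org.apache.struts.validator.ValidatorPlugIn">
    <set-property property="pathnames"
                  value="/WEB-INF/validator-rules.xml,/WEB-INF/validation.xml"/>
  </plug-in>
</struts-config>""")

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, audit_struts_config(cfg))
```

A clean result shows only that the plug-in is loaded; whether each form bean class actually extends a Validator form class still has to be checked in the Java source.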

Technical Details

Structure
Simple

Applicable To

Languages
Java
Platforms
