Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to other weaknesses related to insufficient input validation.
View on MITREEnsure that an action form mapping enables validation. Set the validate field to true.
No detection method information available for this CWE.
This mapping defines an action for a download form:
This mapping has disabled validation. Disabling validation exposes this action to numerous types of attacks.
No relationship information available for this CWE.
CWE-109: Struts: Validator Turned Off is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to other weaknesses related to insufficient input validation.
If exploited, CWE-109 (Struts: Validator Turned Off) it can compromise Access Control, leading to outcomes such as Bypass Protection Mechanism.
Recommended mitigations for CWE-109 include: Ensure that an action form mapping enables validation. Set the validate field to true.
CWE-109 commonly affects Java. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
A CWE (Common Weakness Enumeration) like CWE-109 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.