CWE-110: Struts: Validator Without Form Field

VariantDraft

Validation fields that do not appear in forms they are associated with indicate that the validation logic is out of date.

View on MITRE

Back to CWE Lookup

Extended Description

It is easy for developers to forget to update validation logic when they make changes to an ActionForm class. One indication that validation logic is not being properly maintained is inconsistencies between the action form and the validation form. Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.

Technical Details

Structure: Simple

Applicable To

Languages

Java

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-110

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references