CWE-573: Improper Following of Specification by Caller
The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.
Extended Description
When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.
Technical Details
- Structure: Simple
Applicable To
Security Consequences
Scope
Impact
Mitigation Strategies
No mitigation information available for this CWE.
Detection Methods
No detection method information available for this CWE.
Code Examples & CVEs
Observed CVE Examples (2)
Crypto implementation removes padding when it shouldn't, allowing forged signatures
Crypto implementation removes padding when it shouldn't, allowing forged signatures
CWE Relationships
No relationship information available for this CWE.
Frequently Asked Questions
What is CWE-573: Improper Following of Specification by Caller?
CWE-573: Improper Following of Specification by Caller is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform. When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.
What are the security consequences of Improper Following of Specification by Caller?
If exploited, CWE-573 (Improper Following of Specification by Caller) can compromise the "Other" scope, leading to outcomes such as Quality Degradation and Varies by Context.
What are real-world examples of Improper Following of Specification by Caller?
MITRE documents real CVEs mapped to CWE-573, including CVE-2006-7140 and CVE-2006-4339. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
What is the difference between a CWE and a CVE?
A CWE (Common Weakness Enumeration) like CWE-573 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.