The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.
View on MITREWhen leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.
No mitigation information available for this CWE.
No detection method information available for this CWE.
Crypto implementation removes padding when it shouldn't, allowing forged signatures
View DetailsCrypto implementation removes padding when it shouldn't, allowing forged signatures
View DetailsNo relationship information available for this CWE.
CWE-573: Improper Following of Specification by Caller is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform. When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.
If exploited, CWE-573 (Improper Following of Specification by Caller) it can compromise Other, leading to outcomes such as Quality Degradation and Varies by Context.
MITRE documents real CVEs mapped to CWE-573, including CVE-2006-7140 and CVE-2006-4339. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-573 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.