CWE-105
Struts: Form Field Without Validator
The product has a form field that is not validated by a corresponding validation form, which can introduce other weaknesses related to insufficient input validation.
Status
draft
Abstraction
variant
Affected Platforms
Java
Extended Description
Omitting validation for even a single input field may give attackers the leeway they need to compromise the product. Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.
Technical Details
Common Consequences
integrity
Impacts
unexpected state
bypass protection mechanism
Potential Mitigations
Phases:
implementation
Descriptions:
• Validate all form fields. If a field is unused, it is still important to constrain it so that it is empty or undefined.
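One way to check for this weakness during review, as an added example that is not part of the CWE entry: the script compares the properties a Struts 1 form bean declares in struts-config.xml with the fields that have a validator in validation.xml. The embedded XML is constructed sample input, the form and field names are hypothetical, and it assumes forms are declared as DynaValidatorForm beans with `<form-property>` elements.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a form bean declared in struts-config.xml (names are hypothetical).
STRUTS_CONFIG = """<struts-config>
  <form-beans>
    <form-bean name="registrationForm"
               type="org.apache.struts.validator.DynaValidatorForm">
      <form-property name="name" type="java.lang.String"/>
      <form-property name="email" type="java.lang.String"/>
      <form-property name="phone" type="java.lang.String"/>
    </form-bean>
  </form-beans>
</struts-config>"""

# Constructed sample: validation.xml that has no <field> entry for "phone".
VALIDATION_XML = """<form-validation>
  <formset>
    <form name="registrationForm">
      <field property="name" depends="required"/>
      <field property="email" depends="required,email"/>
    </form>
  </formset>
</form-validation>"""

def declared_fields(struts_config):
    """Map each form-bean name to the set of properties it declares."""
    root = ET.fromstring(struts_config)
    return {bean.get("name"): {p.get("name") for p in bean.iter("form-property")}
            for bean in root.iter("form-bean")}

def validated_fields(validation_xml):
    """Map each validation form name to the properties that name a validator."""
    root, out = ET.fromstring(validation_xml), {}
    for form in root.iter("form"):
        fields = out.setdefault(form.get("name"), set())
        for field in form.iter("field"):
            # A <field> whose depends attribute is empty applies no validator.
            if (field.get("depends") or "").strip():
                fields.add(field.get("property"))
    return out

def unvalidated_fields(struts_config, validation_xml):
    """Return {form: [properties with no validator]} for forms with gaps."""
    validated = validated_fields(validation_xml)
    gaps = {}
    for form, props in declared_fields(struts_config).items():
        missing = sorted(props - validated.get(form, set()))
        if missing:
            gaps[form] = missing
    return gaps
```

For the sample input, `unvalidated_fields(STRUTS_CONFIG, VALIDATION_XML)` reports `phone` as the field without a validator. The check only confirms that a validator is named for each field, not that the rule is strict enough.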