Variant · Draft

CWE-109: Struts: Validator Turned Off

Category: other

Description

Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to other weaknesses related to insufficient input validation.

Common consequences

  • Access Control — Bypass Protection Mechanism

Potential mitigations

  • [Implementation] Ensure that an action form mapping enables validation. Set the validate field to true.
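
One way to check for this weakness during a configuration review, as an added example that is not part of the CWE entry: the script assumes a Struts 1 style struts-config.xml in which each `<action>` mapping carries the `validate` attribute, and it reports form-backed mappings where validation is switched off. The sample configuration, class names and paths are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample struts-config.xml (not taken from a real application).
SAMPLE_CONFIG = """\
<struts-config>
  <form-beans>
    <form-bean name="loginForm" type="com.example.LoginForm"/>
    <form-bean name="transferForm" type="com.example.TransferForm"/>
  </form-beans>
  <action-mappings>
    <action path="/login" type="com.example.LoginAction"
            name="loginForm" scope="request" validate="true" input="/login.jsp"/>
    <action path="/transfer" type="com.example.TransferAction"
            name="transferForm" scope="request" validate="false"/>
    <action path="/profile" type="com.example.ProfileAction"
            name="loginForm" scope="request" validate="no"/>
    <action path="/search" type="com.example.SearchAction"
            name="loginForm" scope="request"/>
    <action path="/logout" type="com.example.LogoutAction" validate="false"/>
  </action-mappings>
</struts-config>
"""

# The Struts 1 config DTD accepts true/false/yes/no for boolean attributes.
DISABLED = {"false", "no"}


def find_disabled_validation(config_xml):
    """Return (path, form bean) for each form-backed action with validation off."""
    root = ET.fromstring(config_xml)
    findings = []
    for action in root.iter("action"):
        form = action.get("name")
        if form is None:
            continue  # no ActionForm bound, so there is nothing to validate
        # An omitted validate attribute defaults to true in Struts 1.
        value = action.get("validate", "true").strip().lower()
        if value in DISABLED:
            findings.append((action.get("path"), form))
    return findings


if __name__ == "__main__":
    for path, form in find_disabled_validation(SAMPLE_CONFIG):
        print(f"CWE-109: action {path} (form {form}) has validate disabled")
```

The mappings it reports are the ones to change to `validate="true"`, as the mitigation above describes.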

References

  1. https://cwe.mitre.org/data/definitions/109.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Struts: Plug-in Framework not in Use
  • CWE: Struts: Unused Validation Form
  • CWE: Struts: Incomplete validate() Method Definition
  • CWE: Struts: Validator Without Form Field
  • CWE: Struts: Form Field Without Validator
  • CWE: Struts: Unvalidated Action Form

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.