Read Time:22 Second

Description

Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to other weaknesses related to insufficient input validation.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-1173
CWE-20

 

Consequences

Access Control: Bypass Protection Mechanism

 

Potential Mitigations

Phase: Implementation

Description: 

Ensure that an action form mapping enables validation. Set the validate field to true.

CVE References