CWE-573 - Improper Following of Specification by Caller

Read Time:33 Second

Description

The software does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.

When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-710

Consequences

Other: Quality Degradation, Varies by Context

Potential Mitigations

CVE References

CVE-2006-7140
- Crypto implementation removes padding when it shouldn’t, allowing forged signatures

CVE-2006-4339
- Crypto implementation removes padding when it shouldn’t, allowing forged signatures

InCVE-2006-7140, CWE- 573, Improper Following of Specification by Caller

The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them

Apache Tomcat is an open-source web server and servlet container that is widely used in enterprise environments to run Java...

rocco

February 19, 2023February 19, 2023

ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows

Zero-day vulnerabilities are a serious threat to cybersecurity, as they can be exploited by malicious actors to gain unauthorized access...

rocco

February 19, 2023February 19, 2023

CWE-669 – Incorrect Resource Transfer Between Spheres

Description The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere,...

rocco

May 26, 2022