
CWE-608 – Struts: Non-private Field in ActionForm Class


Description

An ActionForm class contains a field that has not been declared private, so the field can be accessed directly, without going through a setter or getter.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-668

Consequences

Integrity, Confidentiality: Modify Application Data, Read Application Data

Potential Mitigations

Phase: Implementation

Description: 

Make all fields private. Use a getter to read the value of a field. Setters should be used only by the framework; setting an action form field from other actions is bad practice and should be avoided.
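The weakness and its mitigation side by side, with a reflection check that can run in a unit test to flag any ActionForm subclass that still declares a non-private field. This is an added example, not part of the CWE entry; the class names `WeakTransferForm`, `TransferForm` and `ActionFormFieldAudit` are hypothetical, and it assumes the Struts 1 library is on the classpath.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;
import org.apache.struts.action.ActionForm;

public class ActionFormFieldAudit {

    // Constructed example of the weakness: fields reachable without accessors.
    static class WeakTransferForm extends ActionForm {
        public String accountId; // any class can read or overwrite this
        String amount;           // package-private is still non-private
    }

    // Same form with the mitigation applied: private fields, access via accessors.
    static class TransferForm extends ActionForm {
        private String accountId;
        private String amount;

        public String getAccountId() { return accountId; }
        // Setters are left for the framework to call when it populates the form.
        public void setAccountId(String accountId) { this.accountId = accountId; }
        public String getAmount() { return amount; }
        public void setAmount(String amount) { this.amount = amount; }
    }

    // Lists every non-private field declared by the form class or by any
    // superclass between it and ActionForm itself.
    static List<String> nonPrivateFields(Class<? extends ActionForm> formClass) {
        List<String> found = new ArrayList<>();
        for (Class<?> c = formClass; c != null && c != ActionForm.class; c = c.getSuperclass()) {
            for (Field f : c.getDeclaredFields()) {
                if (f.isSynthetic()) continue; // skip compiler-generated fields
                if (!Modifier.isPrivate(f.getModifiers())) {
                    found.add(c.getSimpleName() + "." + f.getName());
                }
            }
        }
        return found;
    }

    public static void main(String[] args) {
        // The weak form reports both of its fields; the hardened form reports none.
        System.out.println("WeakTransferForm: " + nonPrivateFields(WeakTransferForm.class));
        System.out.println("TransferForm:     " + nonPrivateFields(TransferForm.class));
    }
}
```

Calling `nonPrivateFields` for each form class from a test and failing on a non-empty result keeps the rule enforced as new forms are added.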

CVE References