Tag Archives: Struts: Validator Without Form Field

CWE-110 – Struts: Validator Without Form Field

Read Time:29 Second

Description

Validation fields that do not appear in forms they are associated with indicate that the validation logic is out of date.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-1164
CWE-20

 

Consequences

Other: Other

It is critically important that validation logic be maintained and kept in sync with the rest of the application. Unchecked input is the root cause of some of today’s worst and most common software security problems. Cross-site scripting, SQL injection, and process control vulnerabilities all stem from incomplete or absent input validation.

 

Potential Mitigations

CVE References