CWE-105: Struts: Form Field Without Validator

The product has a form field that is not validated by a corresponding validation form, which can introduce other weaknesses related to insufficient input validation.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

Omitting validation for even a single input field may give attackers the leeway they need to compromise the product. Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.

CWE-105: Struts: Form Field Without Validator

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-105?

How do you prevent CWE-105?

What are the consequences of CWE-105?

References

Stay ahead of CWE-105

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-105?

How do you prevent CWE-105?

What are the consequences of CWE-105?

References

Stay ahead of CWE-105