Portée | Impact | Probabilité |
---|---|---|
Other | Other Note: If an action form mapping does not have a validation form defined, it may be vulnerable to a number of attacks that rely on unchecked input. Unchecked input is the root cause of some of today's worst and most common software security problems. Cross-site scripting, SQL injection, and process control vulnerabilities all stem from incomplete or absent input validation. | |
Confidentiality Integrity Availability Other | Other Note: Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack. |
Map every Action Form to a corresponding validation form.
An action or a form may perform validation in other ways, but the Struts Validator provides an excellent way to verify that all input receives at least a basic level of validation. Without this approach, it is difficult, and often impossible, to establish with a high level of confidence that all input is validated.
Nom | Organisation | Date | Date de publication | Version |
---|---|---|---|---|
7 Pernicious Kingdoms | Draft 3 |
Nom | Organisation | Date | Commentaire |
---|---|---|---|
Eric Dalci | Cigital | updated Potential_Mitigations, Time_of_Introduction | |
CWE Content Team | MITRE | updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities | |
CWE Content Team | MITRE | updated Common_Consequences, Description, Other_Notes | |
CWE Content Team | MITRE | updated Common_Consequences, Other_Notes | |
CWE Content Team | MITRE | updated Other_Notes | |
CWE Content Team | MITRE | updated Common_Consequences | |
CWE Content Team | MITRE | updated Relationships | |
CWE Content Team | MITRE | updated Potential_Mitigations | |
CWE Content Team | MITRE | updated Other_Notes, Potential_Mitigations | |
CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
CWE Content Team | MITRE | updated Causal_Nature, Relationships | |
CWE Content Team | MITRE | updated Relationships | |
CWE Content Team | MITRE | updated References, Relationships | |
CWE Content Team | MITRE | updated Relationships | |
CWE Content Team | MITRE | updated Mapping_Notes |