CWE-102: Struts: Duplicate Validation Forms
CWE Version: 4.18
Updated: 2025-09-09
Weakness Description
The product uses multiple validation forms with the same name, which might cause the Struts Validator to validate a form that the programmer does not expect.
Extended Description
If two validation forms have the same name, the Struts Validator arbitrarily chooses one of the forms to use for input validation and discards the other. This decision might not correspond to the programmer's expectations, possibly leading to resultant weaknesses. Moreover, it indicates that the validation logic is not up-to-date, and can indicate that other, more subtle validation errors are present.
Common Consequences
Scope: Integrity
Technical Impact: Unexpected State
Potential Mitigations
Phase: Implementation
Description: The DTD or schema validation will not catch the duplicate occurrence of the same form name. To find the issue in the implementation, manual checks or automated static analysis could be applied to the XML configuration files.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable Platforms
Programming Languages
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| 7 Pernicious Kingdoms | - | Struts: Duplicate Validation Forms | - |
| Software Fault Patterns | SFP24 | Tainted input to command | - |