CWE-109: Struts: Validator Turned Off
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to other weaknesses related to insufficient input validation.
Common Consequences
Scope: Access Control
Technical Impact: Bypass Protection Mechanism
Potential Mitigations
Phase: Implementation
Description: Ensure that an action form mapping enables validation. Set the validate field to true.
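A configuration audit for the mitigation above, as an added example that is not part of the CWE entry. It assumes the Struts 1 `struts-config.xml` layout, where each `<action>` mapping carries the `validate` attribute and names its form bean in `name`; the sample configuration, paths and class names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample struts-config.xml; paths, bean names and classes are made up.
SAMPLE_CONFIG = """\
<struts-config>
  <form-beans>
    <form-bean name="loginForm" type="com.example.LoginForm"/>
    <form-bean name="transferForm" type="com.example.TransferForm"/>
  </form-beans>
  <action-mappings>
    <action path="/login" type="com.example.LoginAction"
            name="loginForm" scope="request" validate="true" input="/login.jsp"/>
    <action path="/transfer" type="com.example.TransferAction"
            name="transferForm" scope="request" validate="false"/>
    <action path="/profile" type="com.example.ProfileAction"
            name="loginForm" scope="request"/>
    <action path="/logout" type="com.example.LogoutAction" validate="FALSE"/>
  </action-mappings>
</struts-config>
"""


def find_disabled_validation(config_xml):
    """Return (path, form_bean) for each form-bound action with validate turned off."""
    root = ET.fromstring(config_xml)
    findings = []
    for action in root.iter("action"):
        bean = action.get("name")
        if bean is None:
            # No ActionForm is attached, so there is no form validation to skip.
            continue
        # An absent validate attribute defaults to true in Struts 1, so only
        # an explicit "false" is the condition this weakness describes.
        if action.get("validate", "true").strip().lower() == "false":
            findings.append((action.get("path"), bean))
    return findings


if __name__ == "__main__":
    for path, bean in find_disabled_validation(SAMPLE_CONFIG):
        print(f"validation disabled: action {path} (form bean {bean})")
```

Each reported mapping should be changed to `validate="true"`, or the attribute removed, unless the action validates its input some other way.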
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable Platforms
Programming Languages
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| 7 Pernicious Kingdoms | - | Struts: Validator Turned Off | - |
| Software Fault Patterns | SFP24 | Tainted input to command | - |