CWE-573: Improper Following of Specification by Caller
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.
扩展描述
When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.
常见后果
影响范围: Other
技术影响: Quality Degradation Varies by Context
观察示例
参考: CVE-2006-7140
Crypto implementation removes padding when it shouldn't, allowing forged signatures
参考: CVE-2006-4339
Crypto implementation removes padding when it shouldn't, allowing forged signatures
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| The CERT Oracle Secure Coding Standard for Java (2011) | MET10-J | Follow the general contract when implementing the compareTo() method | - |