Description
Every Action Form must have a corresponding validation form.
If a Struts Action Form Mapping specifies a form, it must have a validation form defined under the Struts Validator.
Potential Impact
- Scope: Other; Impact: Other
- Scope: Confidentiality, Integrity, Availability, Other; Impact: Other
Mitigations & Prevention
Map every Action Form to a corresponding validation form. An action or a form may perform validation in other ways, but the Struts Validator provides an excellent way to verify that all input receives at least a basic level of validation. Without this approach, it is difficult, and often impossible, to establish with a high level of confidence that all input is validated.
Taxonomy Mappings
- 7 Pernicious Kingdoms: Struts: Unvalidated Action Form
- Software Fault Patterns: SFP24 — Tainted input to command
Frequently Asked Questions
What is CWE-108?
CWE-108 (Struts: Unvalidated Action Form) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. Every Action Form must have a corresponding validation form.
How can CWE-108 be exploited?
The impact listed for CWE-108 (Struts: Unvalidated Action Form) is "Other". This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-108?
Key mitigations include: Map every Action Form to a corresponding validation form. An action or a form may perform validation in other ways, but the Struts Validator provides an excellent way to verify that all input receives at least a basic level of validation.
What is the severity of CWE-108?
CWE-108 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.