Description
The ASP.NET application does not use, or incorrectly uses, the model validation framework.
Potential Impact
Integrity
Unexpected State
Related Weaknesses
Frequently Asked Questions
What is CWE-1174?
CWE-1174 (ASP.NET Misconfiguration: Improper Model Validation) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The ASP.NET application does not use, or incorrectly uses, the model validation framework.
How can CWE-1174 be exploited?
Attackers can exploit CWE-1174 (ASP.NET Misconfiguration: Improper Model Validation) to unexpected state. This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.
How do I prevent CWE-1174?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-1174?
CWE-1174 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.