Description
The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.
When a caller uses external functionality, such as an API, a protocol, or a language or platform feature, it must satisfy that functionality's documented requirements: argument constraints, required checks, ordering of calls, and the contract of any interface it implements. If it does not, the result is unintended behavior, which in the worst case leaves the system vulnerable to exploitation.
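The following Python example is added here to make the weakness concrete; it is not code from the CWE entry or from the products named in the CVE examples below. It models the class of flaw those CVE entries describe: a signature verifier that parses the PKCS#1 v1.5 padding leniently instead of reconstructing the full encoded message as RFC 8017 section 8.2.2 requires. The RSA operation itself is omitted; both verifiers work on the decoded encoded message `EM`. The SHA-256 DigestInfo prefix is the standard DER prefix from RFC 8017; the block length `k = 256`, the sample message, the 8-byte minimal padding and the `0x41` filler bytes are constructed for the demonstration.

```python
import hashlib
import hmac

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def digest_info(message: bytes) -> bytes:
    """T = DigestInfo(SHA-256(message)) as EMSA-PKCS1-v1_5 defines it."""
    return SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()


def emsa_pkcs1_v15_encode(message: bytes, k: int) -> bytes:
    """EM = 0x00 || 0x01 || PS || 0x00 || T, where PS is 0xFF bytes filling the block to k bytes."""
    t = digest_info(message)
    ps_len = k - len(t) - 3
    if ps_len < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def verify_lenient(em: bytes, message: bytes) -> bool:
    """Does NOT follow the specification (illustrative flaw, not the code of any named product).

    It parses the padding it finds: skips however many 0xFF bytes are present, reads T,
    and never looks at the bytes after T. The padding length and the tail are unverified.
    """
    if len(em) < 2 or em[0] != 0x00 or em[1] != 0x01:
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    i += 1
    t = digest_info(message)
    return em[i:i + len(t)] == t  # trailing bytes are ignored here


def verify_strict(em: bytes, message: bytes, k: int) -> bool:
    """Follows RFC 8017 section 8.2.2: recompute EM' and compare all k bytes."""
    if len(em) != k:
        return False
    try:
        expected = emsa_pkcs1_v15_encode(message, k)
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def forged_em(message: bytes, k: int) -> bytes:
    """Constructed input: minimal 8-byte padding, then T, then filler to reach k bytes.

    This is not a valid encoding, because PS must span the whole block, yet the
    lenient verifier accepts it.
    """
    t = digest_info(message)
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    return head + b"\x41" * (k - len(head))


def demo(k: int = 256) -> dict:
    """Run both verifiers on a valid and on a malformed encoded message."""
    msg = b"transfer 100 to alice"  # constructed sample message
    good = emsa_pkcs1_v15_encode(msg, k)
    bad = forged_em(msg, k)
    return {
        "lenient_accepts_valid": verify_lenient(good, msg),
        "strict_accepts_valid": verify_strict(good, msg, k),
        "lenient_accepts_forged": verify_lenient(bad, msg),
        "strict_accepts_forged": verify_strict(bad, msg, k),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Both verifiers accept the correctly encoded block, so functional testing alone does not reveal the difference. Only the malformed block separates them: `verify_lenient` returns True because it stopped reading after `T`, while `verify_strict` returns False because the block does not equal the one and only valid encoding of length `k`. The bytes a lenient verifier ignores are bytes an attacker gets to choose, which is what turns a padding-parsing shortcut into a signature-forgery problem.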
Potential Impact
- Scope: Other
- Impact: Quality Degradation, Varies by Context
Detection Methods
- Automated Static Analysis — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2006-7140 | Crypto implementation removes padding when it shouldn't, allowing forged signatures |
| CVE-2006-4339 | Crypto implementation removes padding when it shouldn't, allowing forged signatures |
Related Weaknesses
Taxonomy Mappings
- The CERT Oracle Secure Coding Standard for Java (2011): MET10-J — Follow the general contract when implementing the compareTo() method
Frequently Asked Questions
What is CWE-573?
CWE-573 (Improper Following of Specification by Caller) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Class-level weakness. The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.
How can CWE-573 be exploited?
The impact depends on what the violated specification was protecting. In the mildest case the result is quality degradation (incorrect or undefined behavior). In the worst case the requirement that was skipped was a security check, as in the CVE examples above, where a crypto implementation that did not verify padding as the specification requires allowed signatures to be forged. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-573?
Read the specification of every API, protocol, language feature and interface contract the code relies on, and implement the caller's side of it completely: validate the inputs it requires, make the calls in the required order, and implement general contracts (such as the compareTo() contract cited in the taxonomy mapping above) in full rather than for the cases that happen to be tested. Conduct code reviews against the specification, test malformed and boundary inputs as well as valid ones, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-573?
CWE-573 is classified as a Class-level weakness (High abstraction). It has been observed in 2 real-world CVEs.