CWE-102: Struts: Duplicate Validation Forms

Description

The product uses multiple validation forms with the same name, which might cause the Struts Validator to validate a form that the programmer does not expect.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Extended Description

If two validation forms have the same name, the Struts Validator arbitrarily chooses one of the forms to use for input validation and discards the other. This decision might not correspond to the programmer's expectations, possibly leading to resultant weaknesses. Moreover, it indicates that the validation logic is not up-to-date, and can indicate that other, more subtle validation errors are present.

Example Vulnerable Codes

Example - 1

Two validation forms with the same name.


<form name="ProjectForm"> ... </form><form name="ProjectForm"> ... </form><formset></formset><form-validation></form-validation>

It is critically important that validation logic be maintained and kept in sync with the rest of the product.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Nov. 21, 2024 13:00