CWE-102: Struts: Duplicate Validation Forms

Description

The product uses multiple validation forms with the same name, which might cause the Struts Validator to validate a form that the programmer does not expect.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Extended Description

If two validation forms have the same name, the Struts Validator arbitrarily chooses one of the forms to use for input validation and discards the other. This decision might not correspond to the programmer's expectations, possibly leading to resultant weaknesses. Moreover, it indicates that the validation logic is not up-to-date, and can indicate that other, more subtle validation errors are present.

Example Vulnerable Codes

Example - 1

Two validation forms with the same name.


<form name="ProjectForm"> ... </form><form name="ProjectForm"> ... </form><formset></formset><form-validation></form-validation>

It is critically important that validation logic be maintained and kept in sync with the rest of the product.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-20: Improper Input Validation
Go to
CWE-675: Multiple Operations on Resource in Single-Operation Context
Go to
CWE-694: Use of Multiple Resources with Duplicate Identifier
Go to
CWE-1173: Improper Use of Validation Framework
Go to

Visit http://cwe.mitre.org/ for more details.