forked from aquasecurity/vuln-list
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCWE-108.json
46 lines (46 loc) · 1.04 KB
/
CWE-108.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
{
"ID": 108,
"Name": "Struts: Unvalidated Action Form",
"Description": "Every Action Form must have a corresponding validation form.",
"PotentialMitigations": {
"Mitigation": [
{
"Phase": [
"Implementation"
],
"Strategy": "Input Validation",
"Description": [
"Map every Action Form to a corresponding validation form.",
"An action or a form may perform validation in other ways, but the Struts Validator provides an excellent way to verify that all input receives at least a basic level of validation. Without this approach, it is difficult, and often impossible, to establish with a high level of confidence that all input is validated."
]
}
]
},
"RelatedAttackPatterns": {
"RelatedAttackPattern": null
},
"CommonConsequences": {
"Consequence": [
{
"Scope": [
"Other"
],
"Impact": [
"Other"
]
},
{
"Scope": [
"Confidentiality",
"Integrity",
"Availability",
"Other"
],
"Impact": [
"Other"
]
}
]
},
"ExtendedDescription": null
}