Comprehensive Categorization: Improper Input Validation
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to improper input validation.
Weaknesses
The ASP.NET application does not use, or incorrectly uses, the model validation framework.
The ASP.NET application does not use an input validation framework.
The product defines an IOCTL that uses METHOD_NEITHER for I/O, but it does not validate or incorrectly validates the addresses that are provided.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process th...
The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.
The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that t...
The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities.
The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or i...
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the...
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the inpu...
The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input ...
The product accepts XML from an untrusted source but does not validate the XML against the proper schema.
The product has a form field that is not validated by a corresponding validation form, which can introduce other weaknesses related to insufficient input validation.
When an application does not use an input validation framework such as the Struts Validator, there is a greater risk of introducing weaknesses related to insufficient ...
Every Action Form must have a corresponding validation form.
Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to other weakn...
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive loo...
Concepts
This view organizes weaknesses around categories that are of interest to large-scale software assurance research to support the elimination of weaknesses using ta...
See Also
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.