CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (2.10)

CWE-573: Improper Following of Specification by Caller

Weakness ID: 573
Abstraction: Class
Status: Draft
+ Description

Description Summary

The software does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.

Extended Description

When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.

+ Time of Introduction
  • Implementation
+ Common Consequences
| Scope | Effect |
|---|---|
| Other | Technical Impact: Quality degradation; Varies by context |

+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Weakness Class | 227 | Improper Fulfillment of API Contract ('API Abuse') | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ChildOf | Category | 850 | CERT Java Secure Coding Section 05 - Methods (MET) | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
| ChildOf | Category | 1001 | SFP Secondary Cluster: Use of an Improper API | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 103 | Struts: Incomplete validate() Method Definition | Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 104 | Struts: Form Bean Does Not Extend Validation Class | Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 243 | Creation of chroot Jail Without Changing Working Directory | Research Concepts 1000 |
| ParentOf | Weakness Base | 253 | Incorrect Check of Function Return Value | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 296 | Improper Following of a Certificate's Chain of Trust | Research Concepts 1000 |
| ParentOf | Weakness Base | 304 | Missing Critical Step in Authentication | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 325 | Missing Required Cryptographic Step | Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 329 | Not Using a Random IV with CBC Mode | Research Concepts 1000 |
| ParentOf | Weakness Base | 358 | Improperly Implemented Security Check for Standard | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 475 | Undefined Behavior for Input to API | Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 568 | finalize() Method Without super.finalize() | Research Concepts 1000 |
| ParentOf | Weakness Variant | 577 | EJB Bad Practices: Use of Sockets | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 578 | EJB Bad Practices: Use of Class Loader | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 579 | J2EE Bad Practices: Non-serializable Object Stored in Session | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 580 | clone() Method Without super.clone() | Development Concepts 699; Research Concepts 1000 |
| ParentOf | Weakness Base | 581 | Object Model Violation: Just One of Equals and Hashcode Defined | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 628 | Function Call with Incorrectly Specified Arguments | Research Concepts (primary) 1000 |
| ParentOf | Weakness Class | 675 | Duplicate Operations on Resource | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 694 | Use of Multiple Resources with Duplicate Identifier | Development Concepts 699; Research Concepts 1000 |
| ParentOf | Weakness Base | 695 | Use of Low-Level Functionality | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
+ Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| CERT Java Secure Coding | MET10-J | | Follow the general contract when implementing the compareTo() method |
+ Content History
Modifications

| Modification Date | Modifier | Organization | Source | Change |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | Cigital | External | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | MITRE | Internal | updated Description, Relationships |
| 2011-03-29 | CWE Content Team | MITRE | Internal | updated Description, Name |
| 2011-06-01 | CWE Content Team | MITRE | Internal | updated Common_Consequences, Relationships, Taxonomy_Mappings |
| 2011-06-27 | CWE Content Team | MITRE | Internal | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | MITRE | Internal | updated Relationships, Taxonomy_Mappings |
| 2014-07-30 | CWE Content Team | MITRE | Internal | updated Relationships |
| 2017-01-19 | CWE Content Team | MITRE | Internal | updated Relationships |

Previous Entry Names

| Change Date | Previous Entry Name |
|---|---|
| 2011-03-29 | Failure to Follow Specification |

Page Last Updated: January 18, 2017