CWE - CWE-573: Failure to Follow Specification (Draft 9)

Home > CWE List > CWE-573 Individual Dictionary Definition (Draft 9)

CWE List
Full Dictionary View
Classification Tree
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

Section Contents
CWE List
Full Dictionary View
Classification Tree
Reports
Other Items of Interest
Sources

Key
- Weakness
- Base
- Variant
- Class
- Chain
- Composite
- Category
- View
- Deprecated

CWE-573 Individual Dictionary Definition (Draft 9)

Weakness ID

Status: Draft

573 (Weakness Class)

Description

Summary

The software fails to follow the specifications for the implementation language, environment, framework, protocol, or platform.

Extended Description

When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.

Relationships

Nature	Type	ID	Name
ChildOf	Weakness Class	227	Failure to Fulfill API Contract (aka 'API Abuse')
ParentOf	Weakness Variant	243	Failure to Change Working Directory in chroot Jail
ParentOf	Weakness Variant	245	J2EE Bad Practices: Direct Management of Connections
ParentOf	Weakness Variant	246	J2EE Bad Practices: Direct Use of Sockets
ParentOf	Weakness Base	253	Misinterpreted Function Return Value
ParentOf	Weakness Base	296	Failure to Follow Chain of Trust in Certificate Validation
ParentOf	Weakness Base	304	Missing Critical Step in Authentication
ParentOf	Weakness Base	325	Missing Required Cryptographic Step
ParentOf	Weakness Variant	329	Not Using a Random IV with CBC Mode
ParentOf	Weakness Base	358	Improperly Implemented Security Check for Standard
ParentOf	Weakness Base	475	Undefined Behavior for Input to API
ParentOf	Weakness Variant	568	finalize() Method Without super.finalize()
ParentOf	Weakness Variant	574	EJB Bad Practices: Use of Synchronization Primitives
ParentOf	Weakness Variant	575	EJB Bad Practices: Use of AWT Swing
ParentOf	Weakness Variant	576	EJB Bad Practices: Use of Java I/O
ParentOf	Weakness Variant	577	EJB Bad Practices: Use of Sockets
ParentOf	Weakness Variant	578	EJB Bad Practices: Use of Class Loader
ParentOf	Weakness Variant	579	J2EE Bad Practices: Non-serializable Object Stored in Session
ParentOf	Weakness Base	581	Object Model Violation: Just One of Equals and Hashcode Defined
ParentOf	Weakness Class	675	Duplicate Operations on Resource
ParentOf	Weakness Base	676	Use of Potentially Dangerous Function

Page Last Updated: April 22, 2008


	CWE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us