
CWE-573: Improper Following of Specification by Caller

 
Weakness ID: 573 (Weakness Class)
Status: Draft
+ Description

Description Summary

The software does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.

Extended Description

When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.

+ Time of Introduction
  • Implementation
+ Common Consequences
| Scope | Effect |
|---|---|
| Other | Technical Impact: Quality degradation; Varies by context |

+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Weakness Class | 227 | Improper Fulfillment of API Contract ('API Abuse') | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ChildOf | Category | 850 | CERT Java Secure Coding Section 05 - Methods (MET) | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
| ParentOf | Weakness Variant | 103 | Struts: Incomplete validate() Method Definition | Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 104 | Struts: Form Bean Does Not Extend Validation Class | Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 243 | Creation of chroot Jail Without Changing Working Directory | Research Concepts 1000 |
| ParentOf | Weakness Base | 253 | Incorrect Check of Function Return Value | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 296 | Improper Following of Chain of Trust for Certificate Validation | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 304 | Missing Critical Step in Authentication | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 325 | Missing Required Cryptographic Step | Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 329 | Not Using a Random IV with CBC Mode | Research Concepts 1000 |
| ParentOf | Weakness Base | 358 | Improperly Implemented Security Check for Standard | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 475 | Undefined Behavior for Input to API | Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 568 | finalize() Method Without super.finalize() | Research Concepts 1000 |
| ParentOf | Weakness Variant | 577 | EJB Bad Practices: Use of Sockets | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 578 | EJB Bad Practices: Use of Class Loader | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 579 | J2EE Bad Practices: Non-serializable Object Stored in Session | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 580 | clone() Method Without super.clone() | Development Concepts 699; Research Concepts 1000 |
| ParentOf | Weakness Base | 581 | Object Model Violation: Just One of Equals and Hashcode Defined | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 628 | Function Call with Incorrectly Specified Arguments | Research Concepts (primary) 1000 |
| ParentOf | Weakness Class | 675 | Duplicate Operations on Resource | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 694 | Use of Multiple Resources with Duplicate Identifier | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 695 | Use of Low-Level Functionality | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
+ Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| CERT Java Secure Coding | MET14-J | | Follow the general contract when implementing the compareTo method |
+ Content History
Modifications

| Modification Date | Modifier | Organization | Source | Update |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | Cigital | External | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | MITRE | Internal | updated Description, Relationships |
| 2011-03-29 | CWE Content Team | MITRE | Internal | updated Description, Name |
| 2011-06-01 | CWE Content Team | MITRE | Internal | updated Common_Consequences, Relationships, Taxonomy_Mappings |
| 2011-06-27 | CWE Content Team | MITRE | Internal | updated Common_Consequences |

Previous Entry Names

| Change Date | Previous Entry Name |
|---|---|
| 2011-03-29 | Failure to Follow Specification |

Page Last Updated: September 12, 2011