CWE
Home > CWE List > CWE- Individual Dictionary Definition (1.6)  

CWE-573: Failure to Follow Specification

 
Failure to Follow Specification
Weakness ID: 573 (Weakness Class)Status: Draft
+ Description

Description Summary

The software fails to follow the specifications for the implementation language, environment, framework, protocol, or platform.

Extended Description

When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.

+ Time of Introduction
  • Implementation
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class227Failure to Fulfill API Contract ('API Abuse')
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant103Struts: Incomplete validate() Method Definition
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant104Struts: Form Bean Does Not Extend Validation Class
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant243Failure to Change Working Directory in chroot Jail
Research Concepts1000
ParentOfWeakness BaseWeakness Base253Incorrect Check of Function Return Value
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base296Improper Following of Chain of Trust for Certificate Validation
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base304Missing Critical Step in Authentication
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base325Missing Required Cryptographic Step
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant329Not Using a Random IV with CBC Mode
Research Concepts1000
ParentOfWeakness BaseWeakness Base358Improperly Implemented Security Check for Standard
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base475Undefined Behavior for Input to API
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant568finalize() Method Without super.finalize()
Research Concepts1000
ParentOfWeakness VariantWeakness Variant577EJB Bad Practices: Use of Sockets
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant578EJB Bad Practices: Use of Class Loader
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant579J2EE Bad Practices: Non-serializable Object Stored in Session
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant580clone() Method Without super.clone()
Development Concepts699
Research Concepts1000
ParentOfWeakness BaseWeakness Base581Object Model Violation: Just One of Equals and Hashcode Defined
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base628Function Call with Incorrectly Specified Arguments
Research Concepts (primary)1000
ParentOfWeakness ClassWeakness Class675Duplicate Operations on Resource
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base694Use of Multiple Resources with Duplicate Identifier
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base695Use of Low-Level Functionality
Development Concepts (primary)699
Research Concepts (primary)1000
+ Content History
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Description, Relationships
Back to top
Page Last Updated: October 29, 2009
 

CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.

This Web site is hosted by The MITRE Corporation.
Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation.

Contact cwe@mitre.org for more information.
Privacy policy
Terms of use
Contact us