
CWE-573 Individual Dictionary Definition (Draft 9)

Failure to Follow Specification

Weakness ID: 573 (Weakness Class)
Status: Draft

Description

Summary

The software fails to follow the specifications for the implementation language, environment, framework, protocol, or platform.

Extended Description

When leveraging external functionality, such as an API, it is important that the caller do so in accordance with the requirements of that functionality; otherwise, unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.

Relationships

Nature | Type | ID | Name
--- | --- | --- | ---
ChildOf | Weakness Class | 227 | Failure to Fulfill API Contract (aka 'API Abuse')
ParentOf | Weakness Variant | 243 | Failure to Change Working Directory in chroot Jail
ParentOf | Weakness Variant | 245 | J2EE Bad Practices: Direct Management of Connections
ParentOf | Weakness Variant | 246 | J2EE Bad Practices: Direct Use of Sockets
ParentOf | Weakness Base | 253 | Misinterpreted Function Return Value
ParentOf | Weakness Base | 296 | Failure to Follow Chain of Trust in Certificate Validation
ParentOf | Weakness Base | 304 | Missing Critical Step in Authentication
ParentOf | Weakness Base | 325 | Missing Required Cryptographic Step
ParentOf | Weakness Variant | 329 | Not Using a Random IV with CBC Mode
ParentOf | Weakness Base | 358 | Improperly Implemented Security Check for Standard
ParentOf | Weakness Base | 475 | Undefined Behavior for Input to API
ParentOf | Weakness Variant | 568 | finalize() Method Without super.finalize()
ParentOf | Weakness Variant | 574 | EJB Bad Practices: Use of Synchronization Primitives
ParentOf | Weakness Variant | 575 | EJB Bad Practices: Use of AWT Swing
ParentOf | Weakness Variant | 576 | EJB Bad Practices: Use of Java I/O
ParentOf | Weakness Variant | 577 | EJB Bad Practices: Use of Sockets
ParentOf | Weakness Variant | 578 | EJB Bad Practices: Use of Class Loader
ParentOf | Weakness Variant | 579 | J2EE Bad Practices: Non-serializable Object Stored in Session
ParentOf | Weakness Base | 581 | Object Model Violation: Just One of Equals and Hashcode Defined
ParentOf | Weakness Class | 675 | Duplicate Operations on Resource
ParentOf | Weakness Base | 676 | Use of Potentially Dangerous Function

Page Last Updated: April 22, 2008