CWE-573: Improper Following of Specification by Caller

Description

The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.

Extended Description

When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

CVE: CVE-2006-7140

Crypto implementation removes padding when it shouldn't, allowing forged signatures
CVE: CVE-2006-4339

Crypto implementation removes padding when it shouldn't, allowing forged signatures

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	N/A

Common Consequences

Impact: Quality Degradation, Varies by Context — Notes:

Potential Mitigations

None listed.

Applicable Platforms

None listed.

Demonstrative Examples

N/A

Notes

No notes available.

← Back to CWE list