Improper Following of Specification by Caller

Abstraction: Class
Status: Draft
Structure: Simple
Description

The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.

Extended Description

When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.
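The Observed Examples below are the classic instance of this weakness in cryptographic code: an RSA PKCS#1 v1.5 signature verifier that strips the padding and then inspects only the start of what remains, instead of comparing the whole encoded block as the specification (RFC 8017, section 8.2.2, step 3c) requires. The following is an added illustration, not code from the CWE entry or from any of the cited implementations: it shows the spec-conformant check next to the non-conformant one on the decoded block alone (the RSA public-key operation is left out), using a constructed malformed block that the lax check wrongly accepts. The function names and the 128-byte block length are assumptions made for the example.

```python
import hashlib

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """Build the expected EMSA-PKCS1-v1_5 encoded message EM for `message`.

    Layout: 0x00 || 0x01 || PS (0xFF bytes, at least 8) || 0x00 || DigestInfo.
    """
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def verify_strict(em: bytes, message: bytes) -> bool:
    """Spec-conformant verifier: rebuild EM and compare the entire block.

    Because the whole block must match byte for byte, there is no room for
    shortened padding or trailing bytes after the DigestInfo.
    """
    return em == emsa_pkcs1_v15_encode(message, len(em))


def verify_lax(em: bytes, message: bytes) -> bool:
    """Non-conformant verifier (the weakness): strip padding, check a prefix.

    It walks past the 0xFF padding, then only confirms that the bytes that
    follow *start* with the expected DigestInfo. Anything after the digest is
    ignored, so a block with short padding and trailing bytes is accepted.
    """
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x01:
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    remainder = em[i + 1:]
    expected = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    # Bug: trailing bytes are never checked and the padding length is not
    # required to fill the block.
    return remainder[: len(expected)] == expected


def build_malformed_block(message: bytes, em_len: int) -> bytes:
    """Constructed test vector (not a real signature): a block whose padding is
    only 8 bytes long and whose DigestInfo is followed by filler bytes."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    short_ps = b"\xff" * 8
    filler_len = em_len - 2 - len(short_ps) - 1 - len(t)
    return b"\x00\x01" + short_ps + b"\x00" + t + b"\x00" * filler_len


def demo(message: bytes = b"transfer approved", em_len: int = 128) -> dict:
    """Run both verifiers over a correct block and the malformed one."""
    good = emsa_pkcs1_v15_encode(message, em_len)
    bad = build_malformed_block(message, em_len)
    return {
        "strict_accepts_good": verify_strict(good, message),
        "lax_accepts_good": verify_lax(good, message),
        "strict_accepts_bad": verify_strict(bad, message),
        "lax_accepts_bad": verify_lax(bad, message),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The practical rule this illustrates: when a specification describes verification as "compute the expected encoding and compare", do exactly that. A parser that accepts "anything that looks roughly right" is the caller departing from the specification, and the two CVEs listed under Observed Examples are the consequence.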

Common Consequences

Scope: Other
Impact: Quality Degradation; Varies by Context

Observed Examples

CVE-2006-7140: Crypto implementation removes padding when it shouldn't, allowing forged signatures
CVE-2006-4339: Crypto implementation removes padding when it shouldn't, allowing forged signatures

Modes of Introduction

Implementation
Taxonomy Mappings

  • The CERT Oracle Secure Coding Standard for Java (2011)