CWE-173: Improper Handling of Alternate Encoding
ID
CWE-173
Abstraction
Variant
Structure
Simple
Status
Draft
Number of CVEs
2
The product does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.
Modes of Introduction
Phase | Note |
---|---|
Implementation |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | Not Language-Specific |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.org# ID | Name | Weaknesses |
---|---|---|
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters | CWE-173 |
CAPEC-4 | Using Alternative IP Address Encodings | CWE-173 |
CAPEC-52 | Embedding NULL Bytes | CWE-173 |
CAPEC-53 | Postfix, Null Terminate, and Backslash | CWE-173 |
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic | CWE-173 |
CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic | CWE-173 |
CAPEC-72 | URL Encoding | CWE-173 |
CAPEC-78 | Using Escaped Slashes in Alternate Encoding | CWE-173 |
CAPEC-79 | Using Slashes in Alternate Encoding | CWE-173 |
CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic | CWE-173 |
CAPEC-120 | Double Encoding | CWE-173 |
CAPEC-267 | Leverage Alternate Encoding | CWE-173 |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...