CWE-180: Incorrect Behavior Order: Validate Before Canonicalize
ID
CWE-180
Abstraction
Variant
Structure
Simple
Status
Draft
Number of CVEs
2
The product validates input before it is canonicalized, which prevents the product from detecting data that becomes invalid after the canonicalization step.
This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | Not Language-Specific |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.org| # ID | Name | Weaknesses |
|---|---|---|
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters | CWE-180 |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic | CWE-180 |
| CAPEC-78 | Using Escaped Slashes in Alternate Encoding | CWE-180 |
| CAPEC-79 | Using Slashes in Alternate Encoding | CWE-180 |
| CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic | CWE-180 |
| CAPEC-267 | Leverage Alternate Encoding | CWE-180 |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...