CWE-181: Incorrect Behavior Order: Validate Before Filter

ID CWE-181

Abstraction Variant

Structure Simple

Status Draft

The product validates data before it has been filtered, which prevents the product from detecting data that becomes invalid after the filtering step.

This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.

Modes of Introduction

Phase	Note
Implementation

Applicable Platforms

Type	Class	Name	Prevalence
Language	Not Language-Specific

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-179	Incorrect Behavior Order: Early Validation	Base	Simple	Incomplete

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org

# ID	Name	Weaknesses
CAPEC-3	Using Leading 'Ghost' Character Sequences to Bypass Input Filters	CWE-181
CAPEC-43	Exploiting Multiple Input Interpretation Layers	CWE-181
CAPEC-78	Using Escaped Slashes in Alternate Encoding	CWE-181
CAPEC-79	Using Slashes in Alternate Encoding	CWE-181
CAPEC-80	Using UTF-8 Encoding to Bypass Validation Logic	CWE-181
CAPEC-120	Double Encoding	CWE-181
CAPEC-267	Leverage Alternate Encoding	CWE-181