CWE-183: Permissive List of Allowed Inputs

ID CWE-183

Abstraction Base

Structure Simple

Status Draft

Number of CVEs 11

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.

Modes of Introduction

Phase	Note
Implementation

Applicable Platforms

Type	Class	Name	Prevalence
Language	Not Language-Specific

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-697	Incorrect Comparison	Pillar	Simple	Incomplete
CWE-1000	Research Concepts	Draft	CWE-434	Unrestricted Upload of File with Dangerous Type	Base	Simple	Draft

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org

# ID	Name	Weaknesses
CAPEC-3	Using Leading 'Ghost' Character Sequences to Bypass Input Filters	CWE-183
CAPEC-43	Exploiting Multiple Input Interpretation Layers	CWE-183
CAPEC-71	Using Unicode Encoding to Bypass Validation Logic	CWE-183
CAPEC-120	Double Encoding	CWE-183

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date