CWE-697: Incorrect Comparison
ID
CWE-697
Abstraction
Pillar
Structure
Simple
Status
Incomplete
Number of CVEs
121
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
This Pillar covers several possibilities:
- the comparison checks one factor incorrectly;
- the comparison should consider multiple factors, but it does not check at least one of those factors at all;
- the comparison checks the wrong factor.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | Not Language-Specific | ||
| Technology | Not Technology-Specific |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.org| # ID | Name | Weaknesses |
|---|---|---|
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters | CWE-697 |
| CAPEC-6 | Argument Injection | CWE-697 |
| CAPEC-7 | Blind SQL Injection | CWE-697 |
| CAPEC-8 | Buffer Overflow in an API Call | CWE-697 |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities | CWE-697 |
| CAPEC-10 | Buffer Overflow via Environment Variables | CWE-697 |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow | CWE-697 |
| CAPEC-15 | Command Delimiters | CWE-697 |
| CAPEC-24 | Filter Failure through Buffer Overflow | CWE-697 |
| CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads | CWE-697 |
| CAPEC-43 | Exploiting Multiple Input Interpretation Layers | CWE-697 |
| CAPEC-44 | Overflow Binary Resource File | CWE-697 |
| CAPEC-45 | Buffer Overflow via Symbolic Links | CWE-697 |
| CAPEC-46 | Overflow Variables and Tags | CWE-697 |
| CAPEC-47 | Buffer Overflow via Parameter Expansion | CWE-697 |
| CAPEC-52 | Embedding NULL Bytes | CWE-697 |
| CAPEC-53 | Postfix, Null Terminate, and Backslash | CWE-697 |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic | CWE-697 |
| CAPEC-67 | String Format Overflow in syslog() | CWE-697 |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic | CWE-697 |
| CAPEC-73 | User-Controlled Filename | CWE-697 |
| CAPEC-78 | Using Escaped Slashes in Alternate Encoding | CWE-697 |
| CAPEC-79 | Using Slashes in Alternate Encoding | CWE-697 |
| CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic | CWE-697 |
| CAPEC-88 | OS Command Injection | CWE-697 |
| CAPEC-92 | Forced Integer Overflow | CWE-697 |
| CAPEC-120 | Double Encoding | CWE-697 |
| CAPEC-182 | Flash Injection | CWE-697 |
| CAPEC-267 | Leverage Alternate Encoding | CWE-697 |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...