Detailedlikelihood: Lowseverity: MediumDraft
CAPEC-120Double Encoding
Abstraction
Detailed
Status
Draft
Likelihood
Low
Severity
Medium
Description
The adversary utilizes a repeating of the encoding process for a set of characters (that is, character encoding a character encoding of a character) to obfuscate the payload of a particular request. This may allow the adversary to bypass filters that attempt to detect illegal characters or strings, such as those that might be used in traversal or injection attacks. Filters may be able to catch illegal encoded strings, but may not catch doubly encoded strings. For example, a dot (.), often used in path traversal attacks and therefore often blocked by filters, could be URL encoded as %2E. However, many filters recognize this encoding and would still block the request. In a double encoding, the % in the above URL encoding would be encoded again as %25, resulting in %252E which some filters might not catch, but which could still be interpreted as a dot (.) by interpreters on the target.
Related weaknesses· 10
Related attack patterns· 1
Exploits10
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Encoding Errorcwe-172 | 100% | live |
| Weakness | Incomplete List of Disallowed Inputscwe-184 | 100% | live |
| Weakness | Improper Handling of Alternate Encodingcwe-173 | 100% | live |
| Weakness | Incorrect Behavior Order: Validate Before Filtercwe-181 | 100% | live |
| Weakness | Improper Handling of URL Encoding (Hex Encoding)cwe-177 | 100% | live |
| Weakness | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')cwe-74 | 100% | live |
| Weakness | Improper Input Validationcwe-20 | 100% | live |
| Weakness | Incorrect Comparisoncwe-697 | 100% | live |
| Weakness | Incomplete Denylist to Cross-Site Scriptingcwe-692 | 100% | live |
| Weakness | Permissive List of Allowed Inputscwe-183 | 100% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.