Detailedlikelihood: Highseverity: HighDraft

CAPEC-72URL Encoding

Abstraction
Detailed
Status
Draft
Likelihood
High
Severity
High

Description

This attack targets the encoding of the URL. An adversary can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. Metadata: detailed CAPEC pattern, status draft, likelihood high, severity high. Underlying weaknesses: CWE-173, CWE-177, CWE-172, CWE-73, CWE-74 (and 1 more). Related CAPEC pattern: [object Object].

Related weaknesses· 6

CWE-173CWE-177CWE-172CWE-73CWE-74CWE-20

Related attack patterns· 1

CAPEC-267 (ChildOf)

Exploits6

TypeTargetConfidenceTier
WeaknessImproper Handling of Alternate Encodingcwe-173100%live
WeaknessImproper Handling of URL Encoding (Hex Encoding)cwe-177100%live
WeaknessExternal Control of File Name or Pathcwe-73100%live
WeaknessImproper Input Validationcwe-20100%live
WeaknessEncoding Errorcwe-172100%live
WeaknessImproper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')cwe-74100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC
Leverage Alternate Encoding
CAPEC
Using Unicode Encoding to Bypass Validation Logic
CAPEC
Double Encoding
CAPEC
HTTP Response Smuggling
CAPEC
Using Alternative IP Address Encodings
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.