VariantDraft

CWE-181Incorrect Behavior Order: Validate Before Filter

Category: other

Description

The product validates data before it has been filtered, which prevents the product from detecting data that becomes invalid after the filtering step. This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.

Common consequences· 1

  • Access Control — Bypass Protection Mechanism

Potential mitigations· 1

  • [Implementation, Architecture and Design]Inputs should be decoded and canonicalized to the application's current internal representation before being filtered.

Related CAPEC attack patterns· 7

CAPEC-120CAPEC-267CAPEC-3CAPEC-43CAPEC-78CAPEC-79CAPEC-80

References

  1. https://cwe.mitre.org/data/definitions/181.html

Exploits (incoming)7

TypeTargetConfidenceTier
AttackPatternUsing UTF-8 Encoding to Bypass Validation Logiccapec-80100%live
AttackPatternUsing Slashes in Alternate Encodingcapec-79100%live
AttackPatternLeverage Alternate Encodingcapec-267100%live
AttackPatternDouble Encodingcapec-120100%live
AttackPatternExploiting Multiple Input Interpretation Layerscapec-43100%live
AttackPatternUsing Leading 'Ghost' Character Sequences to Bypass Input Filterscapec-3100%live
AttackPatternUsing Escaped Slashes in Alternate Encodingcapec-78100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Incorrect Behavior Order: Validate Before Canonicalize
CWE
Incorrect Behavior Order: Early Validation
CWE
Incorrect Regular Expression
CWE
Improper Input Validation
CWE
Incorrect Comparison Logic Granularity
CWE
Insufficient Verification of Data Authenticity
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.