Class · Stable · Top 25 #12

CWE-20 Improper Input Validation

Category: other

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Common consequences · 3

  • Availability — DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
    An attacker could provide unexpected values and cause a program crash or arbitrary control of resource allocation, leading to excessive consumption of resources such as memory and CPU.
  • Confidentiality — Read Memory, Read Files or Directories
    An attacker could read confidential data if they are able to control resource references.
  • Integrity / Confidentiality / Availability — Modify Memory, Execute Unauthorized Code or Commands
    An attacker could use malicious input to modify data or possibly alter control flow in unexpected ways, including arbitrary command execution.

Potential mitigations · 5

  • [Architecture and Design] Consider using language-theoretic security (LangSec) techniques that characterize inputs using a formal language and build "recognizers" for that language. This requires parsing to be a distinct layer that enforces a boundary between raw input and internal data representations, instead of allowing parser code to be scattered throughout the program, where it is subject to errors or inconsistencies that create weaknesses. [REF-1109] [REF-1110] [REF-1111]
  • [Architecture and Design] Use an input validation framework such as Struts or the OWASP ESAPI Validation API. Note that using a framework does not automatically address all input validation problems; be mindful of weaknesses that arise from misusing the framework itself (CWE-1173).
  • [Architecture and Design, Implementation] Understand all the potential areas where untrusted inputs can enter the product, including but not limited to: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.
  • [Implementation]
  • [Architecture and Design]
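The following Python program is an added example, not code from MITRE or from the cs-graph corpus. It applies the LangSec mitigation above (a recognizer that is the single boundary between raw bytes and internal data) to a constructed message format and contrasts it with an ad-hoc handler that shows the consequences listed earlier: an allocation sized by the attacker's declared count and a crash on a malformed field. The grammar, the MAX_ITEMS limit, the Message type and every sample message are assumptions made for illustration.

```python
# Added example: a LangSec-style recognizer for a constructed message format.
# Neither the format nor the code comes from MITRE or the cs-graph page; the
# grammar, limits and sample messages are assumptions made for illustration.
#
# Grammar (assumed):   message := COUNT ":" ITEM ("," ITEM)*
#                      COUNT   := [1-9][0-9]{0,2}   (canonical decimal, 1..999)
#                      ITEM    := [A-Za-z0-9_-]{1,16}
# Semantic rule: COUNT must equal the number of ITEMs and be <= MAX_ITEMS.
import re
from dataclasses import dataclass

MAX_ITEMS = 100

# One full-match regular expression is the recognizer for the whole language:
# anything that is not a complete sentence of the grammar is rejected up front
# (leading zeros, whitespace, NUL bytes and shell metacharacters all fail here).
_MESSAGE_RE = re.compile(
    r"(?P<count>[1-9][0-9]{0,2}):"
    r"(?P<items>[A-Za-z0-9_-]{1,16}(?:,[A-Za-z0-9_-]{1,16})*)"
)


class ValidationError(ValueError):
    """Raised by the recognizer for any input outside the accepted language."""


@dataclass(frozen=True)
class Message:
    """Internal representation handed to business logic; built only by recognize()."""
    items: tuple[str, ...]


def recognize(raw: bytes) -> Message:
    """Parse raw bytes into a Message or raise ValidationError.

    This is the single boundary between untrusted bytes and internal data:
    code after this point never sees the raw input.
    """
    # Encoding layer: the grammar is defined over ASCII, so a strict codec
    # rejects every byte >= 0x80, which removes overlong UTF-8 sequences and
    # other alternate encodings before the grammar is even consulted.
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError as exc:
        raise ValidationError("non-ASCII byte in message") from exc
    m = _MESSAGE_RE.fullmatch(text)
    if m is None:
        raise ValidationError("message is not a sentence of the grammar")
    count = int(m.group("count"))
    items = tuple(m.group("items").split(","))
    # Semantic layer: bound the declared size before anything is allocated,
    # then check consistency between the two parts of the message.
    if count > MAX_ITEMS:
        raise ValidationError(f"declared count {count} exceeds MAX_ITEMS={MAX_ITEMS}")
    if count != len(items):
        raise ValidationError(f"declared count {count} != {len(items)} items")
    return Message(items)


def handle_unvalidated(raw: bytes) -> list:
    """Contrast: an ad-hoc handler with no recognizer layer.

    It trusts the declared count, so "999999999:x" makes it allocate a list
    sized by the attacker (DoS: memory), "abc:x" crashes on int() (DoS: crash),
    "1:a,b" crashes with IndexError, and "3:a" silently pads with None, so
    downstream code sees data that is inconsistent with the declared count.
    """
    text = raw.decode("utf-8", errors="ignore")  # lossy decode hides bad bytes
    count_str, _, rest = text.partition(":")
    slots = [None] * int(count_str)             # allocation controlled by input
    for i, item in enumerate(rest.split(",")):
        slots[i] = item                          # IndexError if more items than count
    return slots


def check(raw: bytes) -> str:
    """Demo helper: 'accepted' or 'rejected: <reason>' for one raw message."""
    try:
        recognize(raw)
        return "accepted"
    except ValidationError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    # Constructed sample messages; not captured from any real system.
    samples = [
        b"3:alpha,beta,gamma",      # valid
        b"2:alpha,beta,gamma",      # declared count disagrees with item count
        b"999:x",                   # declared size beyond MAX_ITEMS
        b"03:a,b,c",                # non-canonical count (leading zero)
        b"1:\xc0\xafetc",           # overlong UTF-8 encoding of '/'
        b"1:a\x00b",                # embedded NUL
        b"1:a;rm -rf /",            # metacharacters outside the item alphabet
    ]
    for s in samples:
        print(f"{s!r:32} -> {check(s)}")
```

The design point is that `recognize()` is the only function that touches raw bytes, it rejects before it allocates, and everything after it operates on a typed `Message`; the alternate-encoding and count-mismatch cases are rejected by the grammar and the consistency check rather than by scattered string fix-ups.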

Related CAPEC attack patterns · 51

CAPEC-10, CAPEC-101, CAPEC-104, CAPEC-108, CAPEC-109, CAPEC-110, CAPEC-120, CAPEC-13, CAPEC-135, CAPEC-136, CAPEC-14, CAPEC-153, CAPEC-182, CAPEC-209, CAPEC-22, CAPEC-23, CAPEC-230, CAPEC-231, CAPEC-24, CAPEC-250, CAPEC-261, CAPEC-267, CAPEC-28, CAPEC-3, CAPEC-31, CAPEC-42, CAPEC-43, CAPEC-45, CAPEC-46, CAPEC-47, CAPEC-473, CAPEC-52, CAPEC-53, CAPEC-588, CAPEC-63, CAPEC-64, CAPEC-664, CAPEC-67, CAPEC-7, CAPEC-71, CAPEC-72, CAPEC-73, CAPEC-78, CAPEC-79, CAPEC-8, CAPEC-80, CAPEC-81, CAPEC-83, CAPEC-85, CAPEC-88, CAPEC-9

References

  1. https://cwe.mitre.org/data/definitions/20.html

Exploits (incoming) · 37

Type | Target | Confidence | Tier
AttackPattern | Cross-Site Scripting (XSS) (capec-63) | 100% | live
AttackPattern | MIME Conversion (capec-42) | 100% | live
AttackPattern | Leverage Alternate Encoding (capec-267) | 100% | live
AttackPattern | Fuzzing for garnering other adjacent user/sensitive data (capec-261) | 100% | live
AttackPattern | Exploiting Multiple Input Interpretation Layers (capec-43) | 100% | live
AttackPattern | Exploiting Trust in Client (capec-22) | 100% | live
AttackPattern | Buffer Overflow in an API Call (capec-8) | 100% | live
AttackPattern | Format String Injection (capec-135) | 100% | live
AttackPattern | String Format Overflow in syslog() (capec-67) | 100% | live
AttackPattern | Cross Zone Scripting (capec-104) | 100% | live
AttackPattern | XML Injection (capec-250) | 100% | live
AttackPattern | Filter Failure through Buffer Overflow (capec-24) | 100% | live
AttackPattern | Oversized Serialized Data Payloads (capec-231) | 100% | live
AttackPattern | Using UTF-8 Encoding to Bypass Validation Logic (capec-80) | 100% | live
AttackPattern | User-Controlled Filename (capec-73) | 100% | live
AttackPattern | XSS Using MIME Type Mismatch (capec-209) | 100% | live
AttackPattern | OS Command Injection (capec-88) | 100% | live
AttackPattern | Buffer Overflow in Local Command-Line Utilities (capec-9) | 100% | live
AttackPattern | Client-side Injection-induced Buffer Overflow (capec-14) | 100% | live
AttackPattern | Using Escaped Slashes in Alternate Encoding (capec-78) | 100% | live
AttackPattern | Server Side Request Forgery (capec-664) | 100% | live
AttackPattern | Object Relational Mapping Injection (capec-109) | 100% | live
AttackPattern | XPath Injection (capec-83) | 100% | live
AttackPattern | Using Slashes in Alternate Encoding (capec-79) | 100% | live
AttackPattern | Buffer Overflow via Symbolic Links (capec-45) | 100% | live
AttackPattern | Buffer Overflow via Parameter Expansion (capec-47) | 100% | live
AttackPattern | Blind SQL Injection (capec-7) | 100% | live
AttackPattern | Postfix, Null Terminate, and Backslash (capec-53) | 100% | live
AttackPattern | Double Encoding (capec-120) | 100% | live
AttackPattern | Buffer Overflow via Environment Variables (capec-10) | 100% | live

Showing top 30 of 37 by confidence.

Compliance frameworks addressing this (incoming) · 25

Type | Target | Confidence | Tier
ComplianceControl | owasp_top10-a10 | 100% | live
ComplianceControl | ai_act-art10 | 100% | live
ComplianceControl | cis_v8-7 | 100% | live
ComplianceControl | owasp_llm_top10-llm04 | 100% | live
ComplianceControl | dora-art9 | 100% | live
ComplianceControl | dora-art6 | 100% | live
ComplianceControl | iso27001-a.8.25 | 100% | live
ComplianceControl | iso27001-a.8.29 | 100% | live
ComplianceControl | iso27001-a.8.28 | 100% | live
ComplianceControl | owasp_llm_top10-llm09 | 100% | live
ComplianceControl | owasp_api_top10-api04 | 100% | live
ComplianceControl | dora-art13 | 100% | live
ComplianceControl | ai_act-art15 | 100% | live
ComplianceControl | owasp_top10-a03 | 100% | live
ComplianceControl | ai_act-art73 | 100% | live
ComplianceControl | owasp_llm_top10-llm05 | 100% | live
ComplianceControl | owasp_api_top10-api07 | 100% | live
ComplianceControl | owasp_llm_top10-llm02 | 100% | live
ComplianceControl | nis2-art21e | 100% | live
ComplianceControl | dora-art7 | 100% | live
ComplianceControl | cra-art14 | 100% | live
ComplianceControl | pci_dss_v4-r6 | 100% | live
ComplianceControl | owasp_llm_top10-llm03 | 100% | live
ComplianceControl | cis_v8-16 | 95% | live
ComplianceControl | owasp_api_top10-api10 | 95% | live

(incoming) · 88

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-0248 (cve-2025-0248) | 0% | live
Vulnerability | CVE-2025-1022 (cve-2025-1022) | 0% | live
Vulnerability | CVE-2025-1026 (cve-2025-1026) | 0% | live
Vulnerability | CVE-2025-1041 (cve-2025-1041) | 0% | live
Vulnerability | CVE-2025-10768 (cve-2025-10768) | 0% | live
Vulnerability | CVE-2025-10769 (cve-2025-10769) | 0% | live
Vulnerability | CVE-2025-10771 (cve-2025-10771) | 0% | live
Vulnerability | CVE-2025-1097 (cve-2025-1097) | 0% | live
Vulnerability | CVE-2025-1098 (cve-2025-1098) | 0% | live
Vulnerability | CVE-2025-1113 (cve-2025-1113) | 0% | live
Vulnerability | CVE-2025-11345 (cve-2025-11345) | 0% | live
Vulnerability | CVE-2025-11346 (cve-2025-11346) | 0% | live
Vulnerability | CVE-2025-1177 (cve-2025-1177) | 0% | live
Vulnerability | CVE-2025-1186 (cve-2025-1186) | 0% | live
Vulnerability | CVE-2025-11938 (cve-2025-11938) | 0% | live
Vulnerability | CVE-2025-12275 (cve-2025-12275) | 0% | live
Vulnerability | CVE-2025-12285 (cve-2025-12285) | 0% | live
Vulnerability | CVE-2025-12305 (cve-2025-12305) | 0% | live
Vulnerability | CVE-2025-12543 (cve-2025-12543) | 0% | live
Vulnerability | CVE-2025-12907 (cve-2025-12907) | 0% | live
Vulnerability | CVE-2025-12944 (cve-2025-12944) | 0% | live
Vulnerability | CVE-2025-13319 (cve-2025-13319) | 0% | live
Vulnerability | CVE-2025-14156 (cve-2025-14156) | 0% | live
Vulnerability | CVE-2025-15375 (cve-2025-15375) | 0% | live
Vulnerability | CVE-2025-1556 (cve-2025-1556) | 0% | live
Vulnerability | CVE-2025-15566 (cve-2025-15566) | 0% | live
Vulnerability | CVE-2025-20142 (cve-2025-20142) | 0% | live
Vulnerability | CVE-2025-20146 (cve-2025-20146) | 0% | live
Vulnerability | CVE-2025-20148 (cve-2025-20148) | 0% | live
Vulnerability | CVE-2025-20154 (cve-2025-20154) | 0% | live

Showing top 30 of 88 by confidence.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Validation of Specified Type of Input
  • CWE: Improper Validation of Consistency within Input
  • CWE: Insufficient Verification of Data Authenticity
  • CWE: Improper Validation of Syntactic Correctness of Input
  • CWE: Improper Validation of Unsafe Equivalence in Input
  • CWE: Improper Handling of Unexpected Data Type

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.