| Double Encoding |
|
CWE-20
|
Improper Input Validation
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-172
|
Encoding Error
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
|
CWE-177
|
Improper Handling of URL Encoding (Hex Encoding)
|
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
|
CWE-183
|
Permissive List of Allowed Inputs
|
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
|
CWE-692
|
Incomplete Denylist to Cross-Site Scripting
|
|
CWE-697
|
Incorrect Comparison
|
|
| Leverage Alternate Encoding |
|
CWE-20
|
Improper Input Validation
|
|
CWE-73
|
External Control of File Name or Path
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-172
|
Encoding Error
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
|
CWE-692
|
Incomplete Denylist to Cross-Site Scripting
|
|
CWE-697
|
Incorrect Comparison
|
|
| Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
|
CWE-20
|
Improper Input Validation
|
|
CWE-41
|
Improper Resolution of Path Equivalence
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-172
|
Encoding Error
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
|
CWE-179
|
Incorrect Behavior Order: Early Validation
|
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
|
CWE-183
|
Permissive List of Allowed Inputs
|
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
|
CWE-697
|
Incorrect Comparison
|
|
CWE-707
|
Improper Neutralization
|
|
| Using Alternative IP Address Encodings |
|
CWE-173
|
Improper Handling of Alternate Encoding
|
|
CWE-291
|
Reliance on IP Address for Authentication
|
|
| Embedding NULL Bytes |
|
CWE-20
|
Improper Input Validation
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-158
|
Improper Neutralization of Null Byte or NUL Character
|
|
CWE-172
|
Encoding Error
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
|
CWE-697
|
Incorrect Comparison
|
|
CWE-707
|
Improper Neutralization
|
|
| Postfix, Null Terminate, and Backslash |
|
CWE-20
|
Improper Input Validation
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-158
|
Improper Neutralization of Null Byte or NUL Character
|
|
CWE-172
|
Encoding Error
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
|
CWE-697
|
Incorrect Comparison
|
|
CWE-707
|
Improper Neutralization
|
|
| Using Slashes and URL Encoding Combined to Bypass Validation Logic |
|
CWE-20
|
Improper Input Validation
|
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
|
CWE-73
|
External Control of File Name or Path
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-172
|
Encoding Error
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
|
CWE-177
|
Improper Handling of URL Encoding (Hex Encoding)
|
|
CWE-697
|
Incorrect Comparison
|
|
CWE-707
|
Improper Neutralization
|
|
| Using Unicode Encoding to Bypass Validation Logic |
|
CWE-20
|
Improper Input Validation
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-172
|
Encoding Error
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
|
CWE-176
|
Improper Handling of Unicode Encoding
|
|
CWE-179
|
Incorrect Behavior Order: Early Validation
|
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
|
CWE-183
|
Permissive List of Allowed Inputs
|
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
|
CWE-692
|
Incomplete Denylist to Cross-Site Scripting
|
|
CWE-697
|
Incorrect Comparison
|
|
| URL Encoding |
|
CWE-20
|
Improper Input Validation
|
|
CWE-73
|
External Control of File Name or Path
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-172
|
Encoding Error
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
|
CWE-177
|
Improper Handling of URL Encoding (Hex Encoding)
|
|
| Using Escaped Slashes in Alternate Encoding |
|
CWE-20
|
Improper Input Validation
|
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
|
CWE-73
|
External Control of File Name or Path
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-172
|
Encoding Error
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
|
CWE-697
|
Incorrect Comparison
|
|
CWE-707
|
Improper Neutralization
|
|
| Using Slashes in Alternate Encoding |
|
CWE-20
|
Improper Input Validation
|
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
|
CWE-73
|
External Control of File Name or Path
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
|
CWE-185
|
Incorrect Regular Expression
|
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
CWE-697
|
Incorrect Comparison
|
|
CWE-707
|
Improper Neutralization
|
|
| Using UTF-8 Encoding to Bypass Validation Logic |
|
CWE-20
|
Improper Input Validation
|
|
CWE-73
|
External Control of File Name or Path
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-172
|
Encoding Error
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
|
CWE-692
|
Incomplete Denylist to Cross-Site Scripting
|
|
CWE-697
|
Incorrect Comparison
|
|