CAPEC | Related Weakness

Using Slashes and URL Encoding Combined to Bypass Validation Logic
CWE-20 | Improper Input Validation
CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73 | External Control of File Name or Path
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172 | Encoding Error
CWE-173 | Improper Handling of Alternate Encoding
CWE-177 | Improper Handling of URL Encoding (Hex Encoding)
CWE-697 | Incorrect Comparison
CWE-707 | Improper Neutralization

Using Escaped Slashes in Alternate Encoding
CWE-20 | Improper Input Validation
CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73 | External Control of File Name or Path
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172 | Encoding Error
CWE-173 | Improper Handling of Alternate Encoding
CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 | Incorrect Behavior Order: Validate Before Filter
CWE-697 | Incorrect Comparison
CWE-707 | Improper Neutralization

URL Encoding
CWE-20 | Improper Input Validation
CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-73 | External Control of File Name or Path
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172 | Encoding Error
CWE-173 | Improper Handling of Alternate Encoding
CWE-177 | Improper Handling of URL Encoding (Hex Encoding)

Using UTF-8 Encoding to Bypass Validation Logic
CWE-20 | Improper Input Validation
CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-73 | External Control of File Name or Path
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172 | Encoding Error
CWE-173 | Improper Handling of Alternate Encoding
CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 | Incorrect Behavior Order: Validate Before Filter
CWE-692 | Incomplete Denylist to Cross-Site Scripting
CWE-697 | Incorrect Comparison

Using Slashes in Alternate Encoding
CWE-20 | Improper Input Validation
CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73 | External Control of File Name or Path
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-173 | Improper Handling of Alternate Encoding
CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 | Incorrect Behavior Order: Validate Before Filter
CWE-185 | Incorrect Regular Expression
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor
CWE-697 | Incorrect Comparison
CWE-707 | Improper Neutralization

Double Encoding
CWE-20 | Improper Input Validation
CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172 | Encoding Error
CWE-173 | Improper Handling of Alternate Encoding
CWE-177 | Improper Handling of URL Encoding (Hex Encoding)
CWE-181 | Incorrect Behavior Order: Validate Before Filter
CWE-183 | Permissive List of Allowed Inputs
CWE-184 | Incomplete List of Disallowed Inputs
CWE-692 | Incomplete Denylist to Cross-Site Scripting
CWE-697 | Incorrect Comparison

Leverage Alternate Encoding
CWE-20 | Improper Input Validation
CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-73 | External Control of File Name or Path
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172 | Encoding Error
CWE-173 | Improper Handling of Alternate Encoding
CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 | Incorrect Behavior Order: Validate Before Filter
CWE-692 | Incomplete Denylist to Cross-Site Scripting
CWE-697 | Incorrect Comparison