SFP Secondary Cluster: Faulty Input Transformation

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

This category identifies Software Fault Patterns (SFPs) within the Faulty Input Transformation cluster.

Weaknesses

Collapse of Data into Unsafe Value

The software filters data in a way that causes it to be reduced or "collapsed" into an unsafe value that violates an expected security property.

Double Decoding of the Same Data

The software decodes the same input twice, which can limit the effectiveness of any protection mechanism that occurs in between the decoding operations.

Encoding Error

The software does not properly encode or decode the data, resulting in unexpected values.

Improper Encoding or Escaping of Output

The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a r...

Improper Handling of Additional Special Element

The software receives input from an upstream component, but it does not handle or incorrectly handles when an additional unexpected special element is provided.

Improper Handling of Alternate Encoding

The software does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.

Improper Handling of Case Sensitivity

The software does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

Improper Handling of Inconsistent Special Elements

The software does not properly handle input in which an inconsistency exists between two or more special characters or reserved words.

Improper Handling of Missing Special Element

The software receives input from an upstream component, but it does not handle or incorrectly handles when an expected special element is missing.

Improper Handling of Mixed Encoding

The software does not properly handle when the same input uses several different (mixed) encodings.

Improper Handling of Unicode Encoding

The software does not properly handle when an input contains Unicode encoding.

Improper Handling of URL Encoding (Hex Encoding)

The software does not properly handle when all or part of an input has been URL encoded.

Incorrect Behavior Order: Early Validation

The software validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs t...

Incorrect Behavior Order: Validate Before Canonicalize

The software validates input before it is canonicalized, which prevents the software from detecting data that becomes invalid after the canonicalization step.

Incorrect Behavior Order: Validate Before Filter

The software validates data before it has been filtered, which prevents the software from detecting data that becomes invalid after the filtering step.

Concepts

Software Fault Pattern (SFP) Clusters

CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website is subject to the Terms of Use as specified by The MITRE Corporation.