CWE-181: Incorrect Behavior Order: Validate Before Filter
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product validates data before it has been filtered, which prevents the product from detecting data that becomes invalid after the filtering step.
扩展描述
This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.
常见后果
影响范围: Access Control
技术影响: Bypass Protection Mechanism
潜在缓解措施
阶段: Implementation Architecture and Design
描述: Inputs should be decoded and canonicalized to the application's current internal representation before being filtered.
观察示例
参考: CVE-2002-0934
Directory traversal vulnerability allows remote attackers to read or modify arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.
参考: CVE-2003-0282
Directory traversal vulnerability allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | Validate-Before-Filter | - |
| OWASP Top Ten 2004 | A1 | Unvalidated Input | CWE More Specific |
关键信息
CWE ID: CWE-181
抽象级别: Variant
结构: Simple
状态: Draft