CWE-697: Incorrect Comparison

Abstraction: Pillar | Status: Incomplete | Structure: Simple

CWE Version: 4.18

Updated: 2025-09-09

Weakness Description

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

Common Consequences

Scope: Other

Technical Impact: Varies by Context

Observed Examples

Reference: CVE-2021-3116

Chain: Python-based HTTP Proxy server uses the wrong boolean operators (CWE-480) causing an incorrect comparison (CWE-697) that identifies an authN failure if all three conditions are met instead of only one, allowing bypass of the proxy authentication (CWE-1390)

Reference: CVE-2020-15811

Chain: Proxy uses a substring search instead of parsing the Transfer-Encoding header (CWE-697), allowing request splitting (CWE-113) and cache poisoning

Reference: CVE-2016-10003

Proxy performs incorrect comparison of request headers, leading to infoleak
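The first two observed examples share one shape: a security decision is made by comparing the wrong thing, or by combining the right comparisons with the wrong operator. The following added example (constructed for this entry, not the code of either affected project; the function names, the "user:password" credential format and the header values are assumptions) shows both shapes beside a corrected version. The first pair joins three independent failure conditions with `and` instead of `or`, so a failure is only reported when every condition holds at once; the second pair decides "is this message chunked?" by substring search on the raw Transfer-Encoding value instead of parsing it into codings and comparing whole tokens.

```python
"""
Constructed illustration of CWE-697 (Incorrect Comparison).

Two comparison bugs of the kind the observed examples describe, each next to
a corrected form. Names, credentials and header values are made up for this
example; nothing here is the code of the affected projects.
"""
import hmac
from typing import Optional, Tuple


# --- Pattern 1: wrong boolean operator in an authentication check ---------

def parse_credentials(header: Optional[str]) -> Tuple[Optional[str], Optional[str]]:
    """Split a constructed 'user:password' credential string.

    Deliberately simplified (no Basic-auth decoding) to keep the focus on the
    comparison logic that follows.
    """
    if header is None or ":" not in header:
        return None, None
    user, _, password = header.partition(":")
    return user, password


def auth_failed_buggy(header: Optional[str], expected_user: str, expected_password: str) -> bool:
    """Incorrect comparison: three independent failure conditions joined with
    'and'. Failure is reported only when ALL three hold, so a present header
    carrying the wrong credentials is never rejected."""
    user, password = parse_credentials(header)
    return header is None and user != expected_user and password != expected_password


def auth_failed_fixed(header: Optional[str], expected_user: str, expected_password: str) -> bool:
    """Correct comparison: any single failed condition is an authentication
    failure. Credential equality uses a constant-time comparison."""
    if header is None:
        return True
    user, password = parse_credentials(header)
    if user is None or password is None:
        return True
    user_ok = hmac.compare_digest(user.encode(), expected_user.encode())
    pass_ok = hmac.compare_digest(password.encode(), expected_password.encode())
    return not (user_ok and pass_ok)


# --- Pattern 2: substring search instead of parsing Transfer-Encoding ------

def is_chunked_substring(transfer_encoding: str) -> bool:
    """Incorrect comparison: a substring search on the raw header value.
    Any value that merely contains the letters 'chunked' is accepted, and two
    proxies in a chain may disagree on whether the body is chunked."""
    return "chunked" in transfer_encoding.lower()


def is_chunked_parsed(transfer_encoding: str) -> bool:
    """Correct comparison: split the value into its comma-separated codings,
    normalise each token, and require 'chunked' to be the final coding
    (RFC 7230 section 3.3.1), compared as a whole token."""
    codings = [c.strip().lower() for c in transfer_encoding.split(",") if c.strip()]
    return bool(codings) and codings[-1] == "chunked"


def demo() -> dict:
    """Run both pairs on constructed inputs and return the decisions."""
    expected_user, expected_password = "alice", "s3cret"   # constructed
    return {
        "missing_header_buggy": auth_failed_buggy(None, expected_user, expected_password),
        "wrong_creds_buggy": auth_failed_buggy("mallory:wrong", expected_user, expected_password),
        "wrong_creds_fixed": auth_failed_fixed("mallory:wrong", expected_user, expected_password),
        "right_creds_fixed": auth_failed_fixed("alice:s3cret", expected_user, expected_password),
        "substring_on_odd_token": is_chunked_substring("xchunked"),
        "parsed_on_odd_token": is_chunked_parsed("xchunked"),
        "parsed_on_list": is_chunked_parsed("gzip, chunked"),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

Running the block shows the buggy auth check rejecting a missing header but accepting wrong credentials, while the fixed check rejects both; and the substring test accepting a token that the parsed comparison correctly refuses. The general lesson for review and detection is the same in both cases: look for security decisions where the operand being compared (a raw string rather than a parsed token) or the operator joining the conditions (`and` for `or`, `in` for `==`) does not match the intent stated in the surrounding code or specification.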

Modes of Introduction

Phase: Implementation
Note: -

Applicable Platforms

Languages: Not Language-Specific (Undetermined)
Technologies: Not Technology-Specific (Undetermined)
Key Information

CWE ID: CWE-697

Abstraction: Pillar

Structure: Simple

Status: Incomplete

Related Attack Patterns
CAPEC-3, CAPEC-6, CAPEC-7, CAPEC-8, CAPEC-9, CAPEC-10, CAPEC-14, CAPEC-15, CAPEC-24, CAPEC-41, CAPEC-43, CAPEC-44, CAPEC-45, CAPEC-46, CAPEC-47, CAPEC-52, CAPEC-53, CAPEC-64, CAPEC-67, CAPEC-71, CAPEC-73, CAPEC-78, CAPEC-79, CAPEC-80, CAPEC-88, CAPEC-92, CAPEC-120, CAPEC-182, CAPEC-267