CWE-181

Variant Abstraction Level
Pillar — Highest-level weakness category
Class — Abstract, language-independent
Base — Specific enough to detect
Variant — Tied to specific technology
Compound — Requires multiple weaknesses
Draft MITRE CWE Status
Stable — Fully reviewed and complete
Draft — Under development, may change
Incomplete — Partially defined by MITRE
Deprecated — No longer recommended
Obsolete — Replaced by another CWE
Incorrect Behavior Order: Validate Before Filter

Description

The product validates data before it has been filtered, which prevents the product from detecting data that becomes invalid after the filtering step.

This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.

Consequences

Access Control — Bypass Protection Mechanism

Mitigations

Phase: Implementation, Architecture and Design

Inputs should be decoded and canonicalized to the application's current internal representation before being filtered.