Description

The software validates data before it has been filtered, which prevents the software from detecting data that becomes invalid after the filtering step.

This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-179

Consequences

Access Control: Bypass Protection Mechanism

Potential Mitigations

Phase: Implementation, Architecture and Design

Description: 

Inputs should be decoded and canonicalized to the application’s current internal representation before being filtered.

CVE References

• CVE-2002-0934
  • Directory traversal vulnerability allows remote attackers to read or modify arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a “..” sequence.

• CVE-2003-0282
  • Directory traversal vulnerability allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a “..” sequence.