CWE List: Individual Dictionary Definition (CWE version 2.7)

CWE-181: Incorrect Behavior Order: Validate Before Filter

Weakness ID: 181 (Weakness Base)
Status: Draft
+ Description

Description Summary

The software validates data before it has been filtered, which prevents the software from detecting data that becomes invalid after the filtering step.

Extended Description

This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.

+ Alternate Terms
Validate-before-cleanse
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

All

+ Common Consequences
Scope | Effect

| Technical Impact: Bypass protection mechanism

+ Demonstrative Examples

Example 1

This script creates a subdirectory within a user directory and sets the user as the owner.

(Bad Code)
Example Language: PHP

    function createDir($userName, $dirName) {
        $userDir = '/users/' . $userName;
        // Validation happens here, on the unfiltered input
        if (strpos($dirName, '..') !== false) {
            echo 'Directory name contains invalid sequence';
            return;
        }
        // filter out '~' because other scripts identify user directories by this prefix
        $dirName = str_replace('~', '', $dirName);
        $newDir = $userDir . $dirName;
        mkdir($newDir, 0700);
        chown($newDir, $userName);
    }

While the script attempts to screen for '..' sequences, an attacker can submit a directory path including ".~.", which will then become ".." after the filtering step. This allows a Path Traversal (CWE-21) attack to occur.

+ Observed Examples
Reference | Description
Directory traversal vulnerability allows remote attackers to read or modify arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.
Directory traversal vulnerability allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.
+ Potential Mitigations

Phases: Implementation; Architecture and Design

Inputs should be decoded and canonicalized to the application's current internal representation before being filtered.
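The same ordering bug and its corrected form, as an added Python example that is not part of the CWE entry and covers both the demonstrative example above and this mitigation. The '/users' base, the function names and the input strings are assumptions; the weak function reproduces the PHP script's validate-then-filter order so both orders can be compared on identical input.

```python
import posixpath

# Constructed base for per-user directories (assumption mirroring the PHP example's '/users/').
USERS_ROOT = "/users"


def filter_tilde(dir_name: str) -> str:
    """Filtering step from the CWE-181 example: drop '~' because other scripts treat it as a prefix."""
    return dir_name.replace("~", "")


def validate_no_dotdot(dir_name: str) -> bool:
    """Validation step from the example: reject any name containing a '..' sequence."""
    return ".." not in dir_name


def target_dir_validate_before_filter(user_name: str, dir_name: str):
    """Weak order (CWE-181): validate the raw input, then filter it.

    Returns the path that would be handed to mkdir, or None if rejected.
    A name such as '.~./.~./etc' passes validation and only becomes
    '../../etc' after filtering, so the returned path leaves the user directory.
    """
    if not validate_no_dotdot(dir_name):
        return None
    cleaned = filter_tilde(dir_name)
    return posixpath.join(USERS_ROOT, user_name, cleaned)


def target_dir_filter_then_validate(user_name: str, dir_name: str):
    """Mitigated order: filter, canonicalize, then validate the value that is actually used."""
    user_dir = posixpath.join(USERS_ROOT, user_name)
    cleaned = filter_tilde(dir_name)
    # Canonicalize: resolve '.', '..' and repeated separators the way the filesystem will.
    candidate = posixpath.normpath(posixpath.join(user_dir, cleaned))
    # Validate the canonical result, not the raw input: it must be a strict descendant of user_dir.
    if candidate == user_dir or posixpath.commonpath([user_dir, candidate]) != user_dir:
        return None
    return candidate


if __name__ == "__main__":
    for name in (".~./.~./etc", "pro~jects", "../secret"):
        print(repr(name),
              target_dir_validate_before_filter("alice", name),
              target_dir_filter_then_validate("alice", name))
```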

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Category | 171 | Cleansing, Canonicalization, and Comparison Errors | Development Concepts (primary) 699
ChildOf | Weakness Base | 179 | Incorrect Behavior Order: Early Validation | Research Concepts (primary) 1000
ChildOf | Category | 722 | OWASP Top Ten 2004 Category A1 - Unvalidated Input | Weaknesses in OWASP Top Ten (2004) (primary) 711
ChildOf | Category | 896 | SFP Cluster: Tainted Input | Software Fault Pattern (SFP) Clusters (primary) 888
+ Research Gaps

This category is probably under-studied.

+ Functional Areas
  • Protection Mechanism
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER | | | Validate-Before-Filter
OWASP Top Ten 2004 | A1 | | Unvalidated Input
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
| | | Externally Mined

Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Cigital | External | updated Potential_Mitigations, Time_of_Introduction
2008-08-15 | Veracode | External | Suggested OWASP Top Ten 2004 mapping
2008-09-08 | MITRE | Internal | updated Functional_Areas, Relationships, Research_Gaps, Taxonomy_Mappings, Type
2008-10-14 | MITRE | Internal | updated Description
2010-06-21 | MITRE | Internal | updated Description, Observed_Examples
2011-03-29 | MITRE | Internal | updated Demonstrative_Examples
2011-06-01 | MITRE | Internal | updated Common_Consequences
2012-05-11 | MITRE | Internal | updated Demonstrative_Examples, Observed_Examples, Related_Attack_Patterns, Relationships
2012-10-30 | MITRE | Internal | updated Potential_Mitigations

Previous Entry Names
Change Date | Previous Entry Name
2008-04-11 | Validate-before-filter
Page Last Updated: June 23, 2014