Variant weakness

Draft

CWE-180: Incorrect Behavior Order: Validate Before Canonicalize

The product validates input before it is canonicalized, which prevents the product from detecting data that becomes invalid after the canonicalization step.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.

CWE-180: Incorrect Behavior Order: Validate Before Canonicalize

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-180?

What CVEs are caused by CWE-180?

Is CWE-180 part of the OWASP Top 10?

How do you prevent CWE-180?

What are the consequences of CWE-180?

Is CWE-180 actively exploited?

References

Stay ahead of CWE-180

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-180?

What CVEs are caused by CWE-180?

Is CWE-180 part of the OWASP Top 10?

How do you prevent CWE-180?

What are the consequences of CWE-180?

Is CWE-180 actively exploited?

References

Stay ahead of CWE-180