CWE-181: Incorrect Behavior Order: Validate Before Filter
Also known as: Validate-before-cleanse
The product validates data before it has been filtered, which prevents the product from detecting data that becomes invalid after the filtering step.
This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.
What can happen when CWE-181 is exploited.
Bypass Protection Mechanism
Affects: Access Control
Typically introduced during these phases of the software lifecycle.
Practical mitigations for CWE-181, grouped by where in the lifecycle they apply.
Inputs should be decoded and canonicalized to the application's current internal representation before being filtered. In practice this means the validation check must run on the final form of the data, after every decoding, canonicalization and filtering step has been applied; a check that runs earlier is reasoning about a string the application will never actually use. Where a filtering step could turn an accepted value into one that would fail validation (as stripping a character does), prefer rejecting the input outright over sanitizing it, so that no transformation follows the validation decision.
Illustrative examples from MITRE showing how the weakness appears in code.
This script creates a subdirectory within a user directory and sets the user as the owner.
Vulnerable example
function createDir($userName,$dirName){

While the script attempts to screen for '..' sequences, an attacker can submit a directory path including ".~.", which will then become ".." after the filtering step. This allows a Path Traversal (CWE-21) attack to occur.
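The ordering bug and its fix, as an added Python example (not the page's or MITRE's PHP code): create_dir_vulnerable() mirrors the createDir() logic above (check for '..', then strip '~'), create_dir_fixed() filters first and validates the canonicalized result, and create_dir_strict() rejects anything outside an allowlist so that no transformation follows validation. The function names, the /users base directory and the sample inputs are assumptions for this illustration; the functions only compute the path that would be created and write nothing to disk.

```python
"""CWE-181 (validate before filter) versus filter-then-validate.

Added example modelled on the MITRE createDir() scenario; the function
names, base directory and inputs are assumptions, not code from the page.
"""
from __future__ import annotations

import posixpath
import re

USERS_ROOT = "/users"  # assumed base directory, as in the MITRE example


def create_dir_vulnerable(user_name: str, dir_name: str) -> str | None:
    """Validate, then filter: the '..' check runs BEFORE '~' is stripped.

    Returns the normalized path that would be created, or None if rejected.
    """
    user_dir = posixpath.join(USERS_ROOT, user_name)
    if ".." in dir_name:                       # validation step
        return None
    dir_name = dir_name.replace("~", "")       # filtering step: ".~." -> ".."
    return posixpath.normpath(posixpath.join(user_dir, dir_name))


def create_dir_fixed(user_name: str, dir_name: str) -> str | None:
    """Filter first, canonicalize, then validate the FINAL form.

    The check is made on the path that will actually be used, so a value
    that only becomes dangerous after filtering cannot slip through.
    """
    user_dir = posixpath.join(USERS_ROOT, user_name)
    filtered = dir_name.replace("~", "")
    candidate = posixpath.normpath(posixpath.join(user_dir, filtered))
    # Containment check on the canonical path; the trailing "/" stops
    # "/users/alicebob" from passing as a child of "/users/alice".
    if candidate != user_dir and not candidate.startswith(user_dir + "/"):
        return None
    return candidate


_SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+$")


def create_dir_strict(user_name: str, dir_name: str) -> str | None:
    """Reject instead of sanitize: validate an allowlist, transform nothing.

    With no filtering step after validation there is no ordering to get
    wrong, which is the simplest way to avoid CWE-181 entirely.
    """
    if not _SAFE_NAME.fullmatch(dir_name):
        return None
    return posixpath.join(USERS_ROOT, user_name, dir_name)


if __name__ == "__main__":
    # Constructed attacker input: no ".." is present until "~" is removed.
    payload = ".~./.~./etc/cron.d"
    for fn in (create_dir_vulnerable, create_dir_fixed, create_dir_strict):
        print(f"{fn.__name__:22s} benign -> {fn('alice', 'photos')}")
        print(f"{fn.__name__:22s} attack -> {fn('alice', payload)}")
```

Running the script shows the vulnerable ordering accepting the payload and resolving it to /etc/cron.d, while both hardened variants return None for the same input and still accept the benign name.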
Real CVEs that MITRE cites as examples of this weakness.
CAPEC attack patterns that exploit this weakness.
Common questions about CWE-181.
The product validates data before it has been filtered, which prevents the product from detecting data that becomes invalid after the filtering step.
CWE-181 maps to OWASP Top Ten 2004: Unvalidated Input (A1) in the OWASP security taxonomy.
Inputs should be decoded and canonicalized to the application's current internal representation before being filtered.
Exploiting CWE-181 can lead to: Bypass Protection Mechanism.
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.