CWE-696: Incorrect Behavior Order

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following code attempts to validate a given input path by checking it against an allowlist and then return the canonical path. In this specific case, the path is considered valid if it starts with the string "/safe_dir/".

Vulnerable example

java

String path = getInputPath();

Safe example

java

String path = getInputPath();

This function prints the contents of a specified file requested by a user.

Vulnerable example

php

function printFile($username,$filename){

This code first reads a specified file into memory, then prints the file if the user is authorized to see its contents. The read of the file into memory may be resource intensive and is unnecessary if the user is not allowed to see the file anyway.

Assume that the module foo_bar implements a protected register. The register content is the asset. Only transactions made by user id (indicated by signal usr_id) 0x4 are allowed to modify the register contents. The signal grant_access is used to provide access.

Vulnerable example

verilog

if (!rst_n)

Safe example

verilog

if (!rst_n)

CWE-696: Incorrect Behavior Order

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-696?

What CVEs are caused by CWE-696?

What are the consequences of CWE-696?

Is CWE-696 actively exploited?

References

Stay ahead of CWE-696

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-696?

What CVEs are caused by CWE-696?

What are the consequences of CWE-696?

Is CWE-696 actively exploited?

References

Stay ahead of CWE-696