CWE-173 - CERT CVE

CWE-173 - Improper Handling of Alternate Encoding

The software does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.

CAPEC ID Naziv
CAPEC-120 Double Encoding
CAPEC-267 Leverage Alternate Encoding
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-4 Using Alternative IP Address Encodings
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-72 URL Encoding
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-80 Using UTF-8 Encoding to Bypass Validation Logic