CWE-183 - CERT CVE

CWE-183 - Permissive List of Allowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.

CAPEC ID Naziv
CAPEC-120 Double Encoding
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic