CWE-177 - Improper Handling of URL Encoding (Hex Encoding)

Home/CWEs/CWE info/

CWE-177

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Improper Handling of URL Encoding (Hex Encoding)

Description: The product does not properly handle when all or part of an input has been URL encoded.

Common Consequences: Scope: Integrity
Impact: Unexpected State

Related Weaknesses: CWE-172Encoding Error

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Top Security News

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)

CWE top 25 most dangerous software weaknesses

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware

Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs

Download: CIS Critical Security Controls v8.1

Hackers now use AppDomain Injection to drop CobaltStrike beacons

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

Common Alerts

HighSQL Injection - PostgreSQL

MediumMultiple X-Frame-Options Header Entries

LowStrict-Transport-Security Defined via META (Non-compliant with Spec)

MediumFile Upload

HighSource Code Disclosure - File Inclusion

MediumCSP: script-src unsafe-hashes

LowInformation Disclosure - Debug Error Messages via WebSocket

HighRemote Code Execution - Shell Shock

InformationalInformation Disclosure - Information in Browser sessionStorage

LowX-Debug-Token Information Leak

Top CVE List

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2019-15949 Nagios XI Remote Code Execution Vulnerability

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

Common CWEs

CWE-806 Buffer Access Using Size of Source Buffer

HighCWE-67 Improper Handling of Windows Device Names

CWE-1263 Improper Physical Access Control

CWE-769 DEPRECATED: Uncontrolled File Descriptor Consumption

CWE-91 XML Injection (aka Blind XPath Injection)

LowCWE-263 Password Aging with Long Expiration

CWE-622 Improper Validation of Function Hook Arguments

CWE-1058 Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element

CWE-1291 Public Key Re-Use for Signing both Debug and Production Code

CWE-785 Use of Path Manipulation Function without Maximum-sized Buffer

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-177 - Improper Handling of URL Encoding (Hex Encoding)

The product does not properly handle when all or part of an input has been URL encoded.