CWE-177 - Improper Handling of URL Encoding (Hex Encoding)

Home/CWEs/CWE info/

CWE-177

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Improper Handling of URL Encoding (Hex Encoding)

Description: The product does not properly handle when all or part of an input has been URL encoded.

Common Consequences: Scope: Integrity
Impact: Unexpected State

Related Weaknesses: CWE-172Encoding Error

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Top Security News

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

Truist Bank confirms breach after stolen data shows up on hacking forum

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

Microsoft SharePoint RCE bug exploited to breach corporate network

CISA proposes new security requirements to protect govt, personal data

LiteSpeed Cache WordPress plugin bug lets hackers get admin access

DDoS site Dstat.cc seized and two suspects arrested in Germany

Google patches actively exploited Android vulnerability (CVE-2024-43093)

Top Alert List

InformationalInformation Disclosure - Suspicious Comments

MediumAbsence of Anti-CSRF Tokens

LowCookie without SameSite Attribute

Cross-Domain Misconfiguration

MediumMissing Anti-clickjacking Header

MediumDirectory Browsing

LowCross-Domain JavaScript Source File Inclusion

LowInformation Disclosure - Debug Error Messages

Content Security Policy (CSP) Header Not Set

MediumCSP: Wildcard Directive

Top CVE List

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

CVE-2022-3075 Google Chromium Mojo Insufficient Data Validation Vulnerability

CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

CVE-2020-3452 Cisco ASA and FTD Read-Only Path Traversal Vulnerability

CVE-2020-3837 Apple Multiple Products Memory Corruption Vulnerability

CVE-2021-34486 Microsoft Windows Event Tracing Privilege Escalation Vulnerability

CVE-2022-22948 VMware vCenter Server Incorrect Default File Permissions Vulnerability

Common CWEs

CWE-1067 Excessive Execution of Sequential Searches of Data Resource

CWE-1187 DEPRECATED: Use of Uninitialized Resource

CWE-624 Executable Regular Expression Error

CWE-1103 Use of Platform-Dependent Third Party Components

CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length

HighCWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-580 clone() Method Without super.clone()

CWE-1191 On-Chip Debug and Test Interface With Improper Access Control

CWE-1230 Exposure of Sensitive Information Through Metadata

HighCWE-647 Use of Non-Canonical URL Paths for Authorization Decisions

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-177 - Improper Handling of URL Encoding (Hex Encoding)

The product does not properly handle when all or part of an input has been URL encoded.