Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE VIEW:Output Encoding Strategy
ID:BOSS-284
Vulnerability Mapping:Prohibited
Type:Implicit
Status:Draft
DetailsContent HistoryObserved CVE ExamplesReports
▼Objective

This view (slice) displays Output Encoding strategy weaknesses.

▼Memberships
NatureMappingTypeIDName
HasMemberAllowedV113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
HasMemberAllowedB117Improper Output Neutralization for Logs
HasMemberDiscouragedC138Improper Neutralization of Special Elements
HasMemberAllowedB140Improper Neutralization of Delimiters
HasMemberAllowedV141Improper Neutralization of Parameter/Argument Delimiters
HasMemberAllowedV142Improper Neutralization of Value Delimiters
HasMemberAllowedV143Improper Neutralization of Record Delimiters
HasMemberAllowedV144Improper Neutralization of Line Delimiters
HasMemberAllowedV145Improper Neutralization of Section Delimiters
HasMemberAllowedV146Improper Neutralization of Expression/Command Delimiters
HasMemberAllowedV147Improper Neutralization of Input Terminators
HasMemberAllowedV148Improper Neutralization of Input Leaders
HasMemberAllowedV149Improper Neutralization of Quoting Syntax
HasMemberAllowedV150Improper Neutralization of Escape, Meta, or Control Sequences
HasMemberAllowedV151Improper Neutralization of Comment Delimiters
HasMemberAllowedV152Improper Neutralization of Macro Symbols
HasMemberAllowedV153Improper Neutralization of Substitution Characters
HasMemberAllowedV154Improper Neutralization of Variable Name Delimiters
HasMemberAllowedV155Improper Neutralization of Wildcards or Matching Symbols
HasMemberAllowedV156Improper Neutralization of Whitespace
HasMemberAllowedV157Failure to Sanitize Paired Delimiters
HasMemberAllowed-with-ReviewC159Improper Handling of Invalid Use of Special Elements
HasMemberAllowedV160Improper Neutralization of Leading Special Elements
HasMemberAllowedV161Improper Neutralization of Multiple Leading Special Elements
HasMemberAllowedV162Improper Neutralization of Trailing Special Elements
HasMemberAllowedV163Improper Neutralization of Multiple Trailing Special Elements
HasMemberAllowedV164Improper Neutralization of Internal Special Elements
HasMemberAllowedV165Improper Neutralization of Multiple Internal Special Elements
HasMemberAllowedB167Improper Handling of Additional Special Element
HasMemberAllowed-with-ReviewC172Encoding Error
HasMemberAllowedV173Improper Handling of Alternate Encoding
HasMemberAllowedV174Double Decoding of the Same Data
HasMemberAllowedV175Improper Handling of Mixed Encoding
HasMemberAllowedB41Improper Resolution of Path Equivalence
HasMemberAllowed-with-ReviewC451User Interface (UI) Misrepresentation of Critical Information
HasMemberAllowedB78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
HasMemberAllowedB79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
HasMemberAllowedV80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
HasMemberAllowedV81Improper Neutralization of Script in an Error Message Web Page
HasMemberAllowedV82Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
HasMemberAllowedV83Improper Neutralization of Script in Attributes in a Web Page
HasMemberAllowedB838Inappropriate Encoding for Output Context
HasMemberAllowedV84Improper Neutralization of Encoded URI Schemes in a Web Page
HasMemberAllowedV85Doubled Character XSS Manipulations
HasMemberAllowedV86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
HasMemberAllowedV87Improper Neutralization of Alternate XSS Syntax
HasMemberAllowedB89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
HasMemberAllowedB96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 113
Name: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 117
Name: Improper Output Neutralization for Logs
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 138
Name: Improper Neutralization of Special Elements
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 140
Name: Improper Neutralization of Delimiters
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 141
Name: Improper Neutralization of Parameter/Argument Delimiters
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 142
Name: Improper Neutralization of Value Delimiters
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 143
Name: Improper Neutralization of Record Delimiters
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 144
Name: Improper Neutralization of Line Delimiters
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 145
Name: Improper Neutralization of Section Delimiters
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 146
Name: Improper Neutralization of Expression/Command Delimiters
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 147
Name: Improper Neutralization of Input Terminators
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 148
Name: Improper Neutralization of Input Leaders
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 149
Name: Improper Neutralization of Quoting Syntax
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 150
Name: Improper Neutralization of Escape, Meta, or Control Sequences
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 151
Name: Improper Neutralization of Comment Delimiters
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 152
Name: Improper Neutralization of Macro Symbols
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 153
Name: Improper Neutralization of Substitution Characters
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 154
Name: Improper Neutralization of Variable Name Delimiters
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 155
Name: Improper Neutralization of Wildcards or Matching Symbols
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 156
Name: Improper Neutralization of Whitespace
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 157
Name: Failure to Sanitize Paired Delimiters
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 159
Name: Improper Handling of Invalid Use of Special Elements
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 160
Name: Improper Neutralization of Leading Special Elements
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 161
Name: Improper Neutralization of Multiple Leading Special Elements
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 162
Name: Improper Neutralization of Trailing Special Elements
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 163
Name: Improper Neutralization of Multiple Trailing Special Elements
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 164
Name: Improper Neutralization of Internal Special Elements
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 165
Name: Improper Neutralization of Multiple Internal Special Elements
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 167
Name: Improper Handling of Additional Special Element
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 172
Name: Encoding Error
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 173
Name: Improper Handling of Alternate Encoding
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 174
Name: Double Decoding of the Same Data
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 175
Name: Improper Handling of Mixed Encoding
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 41
Name: Improper Resolution of Path Equivalence
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 451
Name: User Interface (UI) Misrepresentation of Critical Information
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 78
Name: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 79
Name: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 80
Name: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 81
Name: Improper Neutralization of Script in an Error Message Web Page
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 82
Name: Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 83
Name: Improper Neutralization of Script in Attributes in a Web Page
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 838
Name: Inappropriate Encoding for Output Context
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 84
Name: Improper Neutralization of Encoded URI Schemes in a Web Page
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 85
Name: Doubled Character XSS Manipulations
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 86
Name: Improper Neutralization of Invalid Characters in Identifiers in Web Pages
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 87
Name: Improper Neutralization of Alternate XSS Syntax
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 89
Name: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 96
Name: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
▼Vendors
Note: CVE records are filtered based on below selected vendors.
Not available
▼Vulnerability Mapping Notes
Usage:Prohibited
Reason:View
Rationale:

This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.

Comments:

Use this View or other Views to search and navigate for the appropriate weakness.

▼Notes
▼Audience
StakeholderDescription
▼References
Expand AllCollapse All
BOSS-284 - Output Encoding Strategy
Details not found