CWE-697: Incorrect Comparison (Pillar)
What it is
The product compares two entities in a security-relevant context, but the comparison is incorrect.
This Pillar covers several possibilities:
- the comparison checks one factor incorrectly;
- the comparison should consider multiple factors, but it does not check at least one of those factors at all;
- the comparison checks the wrong factor.
Impact
| Scope | Impact |
| --- | --- |
| Other | Varies by Context |
Real-world CVE examples
- CVE-2021-3116 — Chain: Python-based HTTP Proxy server uses the wrong boolean operators (CWE-480) causing an incorrect comparison (CWE-697) that identifies an authN failure if a
- CVE-2020-15811 — Chain: Proxy uses a substring search instead of parsing the Transfer-Encoding header (CWE-697), allowing request splitting (CWE-113) and cache poisoning
- CVE-2016-10003 — Proxy performs incorrect comparison of request headers, leading to infoleak
Source: MITRE CWE (cwe.mitre.org).