CWE-697

Incorrect Comparison

Pillar
Incomplete

Description

The product compares two entities in a security-relevant context, but the comparison is incorrect.

This Pillar covers several possibilities:

- the comparison checks one factor incorrectly;
- the comparison should consider multiple factors, but it does not check at least one of those factors at all;
- the comparison checks the wrong factor.

Common Consequences

Scope: Other
Impact: Varies by Context

CVE-2021-3116

Chain: Python-based HTTP Proxy server uses the wrong boolean operators (CWE-480) causing an incorrect comparison (CWE-697) that identifies an authN failure if all three conditions are met instead of only one, allowing bypass of the proxy authentication (CWE-1390)

CVE-2020-15811

Chain: Proxy uses a substring search instead of parsing the Transfer-Encoding header (CWE-697), allowing request splitting (CWE-113) and cache poisoning

CVE-2016-10003

Proxy performs incorrect comparison of request headers, leading to infoleak
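
The CVE-2021-3116 entry above describes an authentication check that reports failure only when all conditions hold instead of any one. The following Python sketch is an added illustration, not the affected proxy's code; the three conditions, the header layout and the credentials are assumptions constructed for the example.

```python
import base64
import hmac

# Constructed credentials for the demonstration (not from any real deployment).
EXPECTED = base64.b64encode(b"proxyuser:s3cret-example")

def parse_proxy_auth(headers):
    """Return (present, scheme, token) from a dict keyed by lower-cased header name."""
    value = headers.get("proxy-authorization")
    if value is None:
        return False, b"", b""
    parts = value.split(None, 1)
    scheme = parts[0].lower() if parts else b""
    token = parts[1].strip() if len(parts) == 2 else b""
    return True, scheme, token

def auth_failed_flawed(headers):
    """Wrong operator (CWE-480): failure is reported only if ALL checks fail."""
    present, scheme, token = parse_proxy_auth(headers)
    return (not present) and scheme != b"basic" and token != EXPECTED

def auth_failed_fixed(headers):
    """Failure is reported if ANY single check fails."""
    present, scheme, token = parse_proxy_auth(headers)
    return (
        not present
        or scheme != b"basic"
        or not hmac.compare_digest(token, EXPECTED)  # constant-time compare
    )

# Constructed requests: one valid, three that each violate at least one condition.
CASES = {
    "valid": {"proxy-authorization": b"Basic " + EXPECTED},
    "no_header": {},
    "wrong_scheme": {"proxy-authorization": b"Bearer " + EXPECTED},
    "wrong_token": {"proxy-authorization": b"Basic " + base64.b64encode(b"a:b")},
}

def evaluate():
    """Map each case name to (flawed check rejects, fixed check rejects)."""
    return {n: (auth_failed_flawed(h), auth_failed_fixed(h)) for n, h in CASES.items()}

if __name__ == "__main__":
    for name, (flawed, fixed) in evaluate().items():
        print(f"{name:13} flawed_rejects={flawed!s:5} fixed_rejects={fixed}")
```

A table-driven test like `CASES`, with one case per condition, is what catches this class of error: the flawed check agrees with the fixed one only on the valid request and on the request where every condition fails at once.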

Applicable Platforms

Not Language-Specific
