CWE-551
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to bypass authorization protection.
Official CWE-551 definition at MITREImpactr finds and proves weaknesses like CWE-551 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist