CWE-430

BaseIncomplete

View on MITRE

Deployment of Wrong Handler

The wrong "handler" is assigned to process an object.

1 linked vulnerability

3 related weaknesses

Extended Description

An example of deploying the wrong handler would be calling a servlet to reveal source code of a .JSP file, or automatically "determining" type of the object even if it is contradictory to an explicitly specified type.

Architecture and Design

Perform a type check before interpreting an object.

Architecture and Design

Reject any inconsistent types, such as a file with a .GIF extension that appears to consist of PHP code.

IntegrityOtherVaries by ContextUnexpected State

Modes of Introduction

Implementation

Related Weaknesses

CWE-691ChildOf CWE-433CanPrecede CWE-434PeerOf

Example CVEs (4)

CVE-2001-0004

Source code disclosure via manipulated file extension that causes parsing by wrong DLL.

CVE-2002-0025

Web browser does not properly handle the Content-Type header field, causing a different application to process the document.

CVE-2000-1052

Source code disclosure by directly invoking a servlet.

CVE-2002-1742

Arbitrary Perl functions can be loaded by calling a non-existent function that activates a handler.

External Links

MITRE CWE Database