CWE-430: Deployment of Wrong Handler
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The wrong "handler" is assigned to process an object.
扩展描述
An example of deploying the wrong handler would be calling a servlet to reveal source code of a .JSP file, or automatically "determining" type of the object even if it is contradictory to an explicitly specified type.
常见后果
影响范围: Integrity Other
技术影响: Varies by Context Unexpected State
潜在缓解措施
阶段: Architecture and Design
描述: Perform a type check before interpreting an object.
阶段: Architecture and Design
描述: Reject any inconsistent types, such as a file with a .GIF extension that appears to consist of PHP code.
观察示例
参考: CVE-2001-0004
Source code disclosure via manipulated file extension that causes parsing by wrong DLL.
参考: CVE-2002-0025
Web browser does not properly handle the Content-Type header field, causing a different application to process the document.
参考: CVE-2000-1052
Source code disclosure by directly invoking a servlet.
参考: CVE-2002-1742
Arbitrary Perl functions can be loaded by calling a non-existent function that activates a handler.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | Improper Handler Deployment | - |