CWE-430

Deployment of Wrong Handler

Base
Incomplete

Description

The wrong "handler" is assigned to process an object.

An example of deploying the wrong handler would be calling a servlet to reveal the source code of a .JSP file, or automatically "determining" the type of an object even when that contradicts an explicitly specified type.

Common Consequences

Scope: Integrity, Other

Impact: Varies by Context, Unexpected State

Potential Mitigations

Architecture and Design

Perform a type check before interpreting an object.

Architecture and Design

Reject any inconsistent types, such as a file with a .GIF extension that appears to consist of PHP code.
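The two mitigations above, as an added example that is not part of the CWE entry: a handler is selected only when the file extension, the declared Content-Type and the leading magic bytes all name the same type, and a file that also contains PHP code is rejected. The function names, the allow-list and the sample bytes are assumptions constructed for illustration.

```python
import os

# Constructed allow-list for a hypothetical image upload endpoint.
SIGNATURES = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
}
EXTENSIONS = {".gif": "image/gif", ".png": "image/png",
              ".jpg": "image/jpeg", ".jpeg": "image/jpeg"}
# The page's own case: an image that "appears to consist of PHP code".
SCRIPT_MARKER = b"<?php"


def sniff_type(data):
    """Return the MIME type implied by the leading bytes, or None."""
    for mime, prefixes in SIGNATURES.items():
        if data.startswith(prefixes):
            return mime
    return None


def select_handler(filename, declared_type, data):
    """Return the single type to dispatch on, or raise ValueError."""
    ext = os.path.splitext(os.path.basename(filename).lower())[1]
    by_ext = EXTENSIONS.get(ext)
    if by_ext is None:
        raise ValueError("extension not on the allow-list")
    # Drop parameters such as "; charset=..." before comparing.
    declared = declared_type.split(";")[0].strip().lower()
    by_content = sniff_type(data)
    # Type check before interpretation: all three sources must agree.
    if not (by_ext == declared == by_content):
        raise ValueError(
            f"inconsistent types: ext={by_ext} declared={declared} "
            f"content={by_content}")
    # Valid magic bytes do not rule out embedded script later in the file.
    if SCRIPT_MARKER in data.lower():
        raise ValueError("script marker inside image data")
    return by_content


def is_accepted(filename, declared_type, data):
    try:
        select_handler(filename, declared_type, data)
        return True
    except ValueError:
        return False
```

The caller dispatches on the returned type only, so no later component gets to re-derive the type from the extension or by sniffing on its own.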

Observed Examples

CVE-2001-0004

Source code disclosure via manipulated file extension that causes parsing by wrong DLL.

CVE-2002-0025

Web browser does not properly handle the Content-Type header field, causing a different application to process the document.

CVE-2000-1052

Source code disclosure by directly invoking a servlet.

CVE-2002-1742

Arbitrary Perl functions can be loaded by calling a non-existent function that activates a handler.

Applicable Platforms

Not Language-Specific
