{"@ID": "430", "@Name": "Deployment of Wrong Handler", "@Abstraction": "Base", "@Structure": "Simple", "@Status": "Incomplete", "Description": "The wrong \"handler\" is assigned to process an object.", "Extended_Description": "An example of deploying the wrong handler would be calling a servlet to reveal source code of a .JSP file, or automatically \"determining\" type of the object even if it is contradictory to an explicitly specified type.", "Related_Weaknesses": {"Related_Weakness": [{"@Nature": "ChildOf", "@CWE_ID": "691", "@View_ID": "1000", "@Ordinal": "Primary"}, {"@Nature": "CanPrecede", "@CWE_ID": "433", "@View_ID": "1000"}, {"@Nature": "PeerOf", "@CWE_ID": "434", "@View_ID": "1000"}]}, "Weakness_Ordinalities": {"Weakness_Ordinality": {"Ordinality": "Resultant", "Description": "This weakness is usually resultant from other weaknesses."}}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}, "Technology": {"@Class": "Not Technology-Specific", "@Prevalence": "Undetermined"}}, "Modes_Of_Introduction": {"Introduction": {"Phase": "Implementation"}}, "Common_Consequences": {"Consequence": {"Scope": ["Integrity", "Other"], "Impact": ["Varies by Context", "Unexpected State"]}}, "Potential_Mitigations": {"Mitigation": [{"Phase": "Architecture and Design", "Description": "Perform a type check before interpreting an object."}, {"Phase": "Architecture and Design", "Description": "Reject any inconsistent types, such as a file with a .GIF extension that appears to consist of PHP code."}]}, "Observed_Examples": {"Observed_Example": [{"Reference": "CVE-2001-0004", "Description": "Source code disclosure via manipulated file extension that causes parsing by wrong DLL.", "Link": "https://www.cve.org/CVERecord?id=CVE-2001-0004"}, {"Reference": "CVE-2002-0025", "Description": "Web browser does not properly handle the Content-Type header field, causing a different application to process the document.", "Link": "https://www.cve.org/CVERecord?id=CVE-2002-0025"}, {"Reference": "CVE-2000-1052", "Description": "Source code disclosure by directly invoking a servlet.", "Link": "https://www.cve.org/CVERecord?id=CVE-2000-1052"}, {"Reference": "CVE-2002-1742", "Description": "Arbitrary Perl functions can be loaded by calling a non-existent function that activates a handler.", "Link": "https://www.cve.org/CVERecord?id=CVE-2002-1742"}]}, "Taxonomy_Mappings": {"Taxonomy_Mapping": {"@Taxonomy_Name": "PLOVER", "Entry_Name": "Improper Handler Deployment"}}, "Related_Attack_Patterns": {"Related_Attack_Pattern": {"@CAPEC_ID": "11"}}, "References": {"Reference": {"@External_Reference_ID": "REF-62", "@Section": "Chapter 3, \"File Handlers\", Page 74"}}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Content_History": {"Submission": {"Submission_Name": "PLOVER", "Submission_Date": "2006-07-19", "Submission_Version": "Draft 3", "Submission_ReleaseDate": "2006-07-19"}, "Modification": [{"Modification_Name": "Eric Dalci", "Modification_Organization": "Cigital", "Modification_Date": "2008-07-01", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "updated Potential_Mitigations, Time_of_Introduction"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2008-09-08", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "updated Relationships, Other_Notes, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2008-10-14", "Modification_Version": "1.0.1", "Modification_ReleaseDate": "2008-10-14", "Modification_Comment": "updated Description"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2009-10-29", "Modification_Version": "1.6", "Modification_ReleaseDate": "2009-10-29", "Modification_Comment": "updated Other_Notes, Weakness_Ordinalities"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2011-06-01", "Modification_Version": "1.13", "Modification_ReleaseDate": "2011-06-01", "Modification_Comment": "updated Common_Consequences"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2011-06-27", "Modification_Version": "2.0", "Modification_ReleaseDate": "2011-06-27", "Modification_Comment": "updated Common_Consequences"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2012-05-11", "Modification_Version": "2.2", "Modification_ReleaseDate": "2012-05-15", "Modification_Comment": "updated References, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2012-10-30", "Modification_Version": "2.3", "Modification_ReleaseDate": "2012-10-30", "Modification_Comment": "updated Potential_Mitigations"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2014-07-30", "Modification_Version": "2.8", "Modification_ReleaseDate": "2014-07-31", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2017-11-08", "Modification_Version": "3.0", "Modification_ReleaseDate": "2017-11-08", "Modification_Comment": "updated Applicable_Platforms"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2019-06-20", "Modification_Version": "3.3", "Modification_ReleaseDate": "2019-06-20", "Modification_Comment": "updated Related_Attack_Patterns"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-10-28", "Modification_Version": "4.6", "Modification_ReleaseDate": "2021-10-28", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Applicable_Platforms"}], "Previous_Entry_Name": {"@Date": "2008-04-11", "#text": "Improper Handler Deployment"}}}
