CWE•Base•Incomplete•0 recent CVEs
CWE-430: Deployment of Wrong Handler
Description
The wrong "handler" is assigned to process an object.
An example of deploying the wrong handler would be calling a servlet to reveal the source code of a .JSP file, or automatically "determining" the type of an object even when the result contradicts an explicitly specified type.
Common consequences
- Integrity, Other → Varies by Context, Unexpected State
Potential mitigations
- Architecture and Design: Perform a type check before interpreting an object.
- Architecture and Design: Reject any inconsistent types, such as a file with a .GIF extension that appears to consist of PHP code.
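
One way to apply both mitigations to an upload path, as an added example that is not part of the CWE entry: the type is taken from the file name, checked against the leading bytes of the content, and the object is rejected on any disagreement. The function name `verified_type`, the allow-list, the single-extension policy and the script-marker heuristic are assumptions made for the illustration.

```python
import os

# Allow-list (assumed for this example): extension -> (type label, signatures).
SIGNATURES = {
    ".gif": ("image/gif", (b"GIF87a", b"GIF89a")),
    ".png": ("image/png", (b"\x89PNG\r\n\x1a\n",)),
    ".jpg": ("image/jpeg", (b"\xff\xd8\xff",)),
}
# Heuristic markers of script text embedded in the body; not exhaustive.
SCRIPT_MARKERS = (b"<?php", b"<script")


class InconsistentType(ValueError):
    """The declared type and the observed content disagree."""


def verified_type(filename: str, data: bytes) -> str:
    """Return the type label only when name and content agree; raise otherwise."""
    base = os.path.basename(filename).lower()
    stem, ext = os.path.splitext(base)
    # Policy assumption: exactly one extension, so "x.php.gif" cannot be
    # matched by a second handler keyed on the inner extension.
    if not stem or "." in stem:
        raise InconsistentType(f"ambiguous name: {base!r}")
    if ext not in SIGNATURES:
        raise InconsistentType(f"extension not allowed: {ext!r}")
    label, magics = SIGNATURES[ext]
    # Type check before interpreting: content must start with the signature.
    if not data.startswith(magics):
        raise InconsistentType(f"{base!r} does not start like {label}")
    # A valid header can still be followed by script text (polyglot file).
    lowered = data.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        raise InconsistentType(f"{base!r} contains script markers")
    return label


if __name__ == "__main__":
    samples = {  # constructed sample inputs
        "logo.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
        "banner.gif": b"GIF89a<?php echo 'hi'; ?>",
        "photo.php.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    }
    for name, body in samples.items():
        try:
            print(name, "->", verified_type(name, body))
        except InconsistentType as err:
            print(name, "-> rejected:", err)
```

The caller should select the handler from the returned label rather than from the client-supplied name or content type, so that only one verified type ever drives dispatch.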