Byte Open Security (ByteOS Network)
CWE-430: Deployment of Wrong Handler
Weakness ID: 430
Version: v4.17
Weakness Name: Deployment of Wrong Handler
Vulnerability Mapping: Allowed
Abstraction: Base
Structure: Simple
Status: Incomplete
Likelihood of Exploit:
▼Description

The wrong "handler" is assigned to process an object.

▼Extended Description

An example of deploying the wrong handler would be calling a servlet to reveal the source code of a .JSP file, or automatically "determining" the type of an object even when that contradicts an explicitly specified type.

▼Alternate Terms
▼Relationships
Relevant to the view "Research Concepts - (1000)"
Nature: CanPrecede
Mapping: Allowed
Type: Variant
ID: 433
Name: Unparsed Raw Web Content Delivery
Nature: ChildOf
Mapping: Discouraged
Type: Pillar
ID: 691
Name: Insufficient Control Flow Management
Nature: ParentOf
Mapping: Allowed
Type: Base
ID: 434
Name: Unrestricted Upload of File with Dangerous Type
▼Memberships
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 429
Name: Handler Errors
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 977
Name: SFP Secondary Cluster: Design
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1348
Name: OWASP Top Ten 2021 Category A04:2021 - Insecure Design
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1410
Name: Comprehensive Categorization: Insufficient Control Flow Management
▼Tags
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-294
Name: Not Language-Specific Weaknesses
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-315
Name: Unexpected State (impact)
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-326
Name: Varies by Context (impact)
▼Relevant To View
Relevant to the view "OWASP Top Ten (2021) - (1344)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1348
Name: OWASP Top Ten 2021 Category A04:2021 - Insecure Design
Relevant to the view "Software Development - (699)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 429
Name: Handler Errors
Relevant to the view "Software Fault Pattern (SFP) Clusters - (888)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 977
Name: SFP Secondary Cluster: Design
▼Background Detail

▼Common Consequences
Scope: Integrity, Other
Likelihood: N/A
Impact: Varies by Context, Unexpected State
Note:
N/A
▼Potential Mitigations
Phase: Architecture and Design
Mitigation ID:
Strategy:
Effectiveness:
Description:

Perform a type check before interpreting an object.

Note:

Phase: Architecture and Design
Mitigation ID:
Strategy:
Effectiveness:
Description:

Reject any inconsistent types, such as a file with a .GIF extension that appears to consist of PHP code.

Note:

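Worked example, added here and not part of the CWE entry or of any referenced project: a small Python upload gate that applies both mitigations above (type check before interpretation, rejection of inconsistent types) and also covers the extended description's case of a sniffed type contradicting an explicitly specified one. The extension map, magic-byte table, active-content marker list, handler names and sample inputs are all constructed for the demonstration.

```python
# Added example (not from the CWE entry or from any referenced project): bind a
# handler to an object only after its claimed type and its actual content agree.
import os
from typing import Callable, Dict, Optional

# Constructed allow-list of content types, keyed by the magic bytes that open them.
MAGIC_SIGNATURES: Dict[str, tuple] = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
}

# Extension -> type the uploader is explicitly claiming (constructed map).
EXTENSION_TYPES: Dict[str, str] = {
    ".gif": "image/gif",
    ".png": "image/png",
    ".jpg": "image/jpeg",
    ".jpeg": "image/jpeg",
}

# Markers of server-side or active content; an "image" containing them is rejected
# even when its magic bytes are valid (secondary check against polyglot files).
ACTIVE_CONTENT_MARKERS = (b"<?php", b"<?=", b"<%", b"<script")


class InconsistentTypeError(ValueError):
    """Raised when the claimed type and the observed content disagree."""


def sniff_type(data: bytes) -> Optional[str]:
    """Return the type implied by the leading magic bytes, or None if unknown."""
    for mime, signatures in MAGIC_SIGNATURES.items():
        if any(data.startswith(sig) for sig in signatures):
            return mime
    return None


def claimed_type(filename: str) -> Optional[str]:
    """Return the type the file extension claims, or None if it is not allow-listed."""
    _, ext = os.path.splitext(filename.lower())
    return EXTENSION_TYPES.get(ext)


def verify_type(filename: str, data: bytes) -> str:
    """Type check before interpretation: both signals must agree, otherwise reject.

    A mismatch is never resolved by trusting the sniffed type over the claimed one
    (or vice versa); the object is refused instead of being 'auto-detected'.
    """
    claimed = claimed_type(filename)
    if claimed is None:
        raise InconsistentTypeError(f"{filename}: extension is not allow-listed")
    actual = sniff_type(data)
    if actual != claimed:
        raise InconsistentTypeError(
            f"{filename}: claims {claimed} but content looks like {actual or 'unknown'}"
        )
    lowered = data.lower()
    for marker in ACTIVE_CONTENT_MARKERS:
        if marker in lowered:
            raise InconsistentTypeError(
                f"{filename}: {claimed} payload contains active-content marker {marker!r}"
            )
    return claimed


# Handlers are keyed by the *verified* type, never by the user-supplied name.
HANDLERS: Dict[str, Callable[[bytes], str]] = {
    "image/gif": lambda d: f"gif-handler processed {len(d)} bytes",
    "image/png": lambda d: f"png-handler processed {len(d)} bytes",
    "image/jpeg": lambda d: f"jpeg-handler processed {len(d)} bytes",
}


def process_upload(filename: str, data: bytes) -> Dict[str, object]:
    """Dispatch to the handler for the verified type, or report why the object was rejected."""
    try:
        mime = verify_type(filename, data)
    except InconsistentTypeError as exc:
        return {"accepted": False, "type": None, "detail": str(exc)}
    return {"accepted": True, "type": mime, "detail": HANDLERS[mime](data)}


if __name__ == "__main__":
    # Constructed sample inputs: a genuine GIF header, a PHP file renamed to .gif,
    # a GIF/PHP polyglot, and a file whose extension is not allow-listed.
    samples = [
        ("logo.gif", b"GIF89a" + b"\x00" * 10),
        ("avatar.gif", b"<?php echo 'hello'; ?>"),
        ("poly.gif", b"GIF89a" + b"<?php echo 'hello'; ?>"),
        ("notes.txt", b"plain text"),
    ]
    for name, blob in samples:
        print(name, process_upload(name, blob))
```

The point of the weakness is the binding, not the sniffing: handlers are looked up by the verified type, so a renamed file cannot select a handler through its name, and a disagreement between claimed and observed type is a rejection rather than a silent "auto-detect". The marker scan is only a secondary check against polyglot files; it does not replace keeping upload directories out of the path of any script-executing handler.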
▼Modes Of Introduction
Phase: Implementation
Note:

N/A

▼Applicable Platforms
Languages
Class: Not Language-Specific (Undetermined Prevalence)
▼Demonstrative Examples
▼Observed Examples
Reference: CVE-2001-0004
Description:
Source code disclosure via manipulated file extension that causes parsing by wrong DLL.
Reference: CVE-2002-0025
Description:
Web browser does not properly handle the Content-Type header field, causing a different application to process the document.
Reference: CVE-2000-1052
Description:
Source code disclosure by directly invoking a servlet.
Reference: CVE-2002-1742
Description:
Arbitrary Perl functions can be loaded by calling a non-existent function that activates a handler.
▼Affected Resources
▼Functional Areas
▼Weakness Ordinalities
Ordinality: Resultant
Description:
This weakness is usually resultant from other weaknesses.
▼Detection Methods
▼Vulnerability Mapping Notes
Usage: Allowed
Reason: Acceptable-Use
Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Suggestions:
▼Notes
▼Taxonomy Mappings
Taxonomy Name: PLOVER
Entry ID: N/A
Fit: N/A
Entry Name: Improper Handler Deployment
▼Related Attack Patterns
ID: CAPEC-11
Name: Cause Web Server Misclassification
▼References
Reference ID: REF-62
Title: The Art of Software Security Assessment
Author: Mark Dowd, John McDonald, Justin Schuh
Section: Chapter 3, "File Handlers", Page 74
Publication:
Publisher: Addison Wesley
Edition: 1st Edition
URL:
URL Date:
Day: N/A
Month: N/A
Year: 2006