Deployment of Wrong Handler
Weakness ID: 430 (Weakness Base)
Status: Incomplete
+ Description

Description Summary

The wrong "handler" is assigned to process an object.

Extended Description

An example of deploying the wrong handler would be calling a servlet to reveal the source code of a .JSP file, or automatically "determining" the type of an object even when that contradicts an explicitly specified type.

+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

All

+ Observed Examples
Reference | Description
CVE-2001-0004 | Source code disclosure via manipulated file extension that causes parsing by wrong DLL.
CVE-2002-0025 | Web browser does not properly handle the Content-Type header field, causing a different application to process the document.
CVE-2000-1052 | Source code disclosure by directly invoking a servlet.
CVE-2002-1742 | Arbitrary Perl functions can be loaded by calling a non-existent function that activates a handler.
+ Potential Mitigations

Perform a type check before interpreting an object.

Phase: Architecture and Design

Reject any inconsistent types, such as a file with a .GIF extension that appears to consist of PHP code.
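
The check described in the two mitigations above, as an added example that is not part of the CWE entry: the declared extension selects the expected signature, and content that disagrees with it is rejected before any handler is chosen. The function name, the allow-list and the sample bytes are assumptions made for illustration.

```python
import os

# Leading byte signatures for the types this hypothetical application accepts.
SIGNATURES = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

# Marker for server-side script text inside a supposed image (matched case-insensitively).
SCRIPT_MARKER = b"<?php"

# Constructed sample: a GIF header followed by a few filler bytes, not a real image.
SAMPLE_GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"


def check_declared_type(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason); accept only if the content agrees with the extension."""
    ext = os.path.splitext(filename.lower())[1]
    if ext not in SIGNATURES:
        # Unknown or script extensions never reach a handler.
        return False, f"extension {ext!r} is not on the allow-list"
    if not data.startswith(SIGNATURES[ext]):
        # Declared type and actual content are inconsistent.
        return False, f"content does not start with a {ext} signature"
    if SCRIPT_MARKER in data.lower():
        # A valid header does not rule out script text later in the file.
        return False, f"script marker found in {ext} content"
    return True, "content matches declared type"


if __name__ == "__main__":
    cases = [
        ("logo.gif", SAMPLE_GIF),                     # consistent
        ("logo.gif", b"<?php echo 1; ?>"),            # PHP text named .gif
        ("logo.gif", b"GIF89a<?php echo 1; ?>"),      # GIF header, PHP body
        ("photo.png", SAMPLE_GIF),                    # GIF bytes named .png
        ("page.php", b"<?php echo 1; ?>"),            # extension not allowed
    ]
    for name, blob in cases:
        print(name, check_declared_type(name, blob))
```
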

+ Weakness Ordinalities
Ordinality | Description
Resultant | This weakness is usually resultant from other weaknesses.

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Category | 429 | Handler Errors | Development Concepts (primary) 699
ChildOf | Weakness Class | 691 | Insufficient Control Flow Management | Research Concepts (primary) 1000
CanPrecede | Weakness Variant | 433 | Unparsed Raw Web Content Delivery | Research Concepts 1000
PeerOf | Weakness Base | 434 | Unrestricted Upload of File with Dangerous Type | Research Concepts 1000
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER | | | Improper Handler Deployment
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
 | PLOVER | | Externally Mined
Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Eric Dalci | Cigital | External
  updated Potential Mitigations, Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal
  updated Relationships, Other Notes, Taxonomy Mappings
2008-10-14 | CWE Content Team | MITRE | Internal
  updated Description
2009-10-29 | CWE Content Team | MITRE | Internal
  updated Other Notes, Weakness Ordinalities
Previous Entry Names
Change Date | Previous Entry Name
2008-04-11 | Improper Handler Deployment