Base · Incomplete

CWE-430: Deployment of Wrong Handler

Category: other

Description

The wrong "handler" is assigned to process an object. Examples of deploying the wrong handler include calling a servlet to reveal the source code of a .JSP file, or automatically "determining" the type of an object even when that contradicts an explicitly specified type.

Common consequences· 1

  • Integrity / Other — Varies by Context, Unexpected State

Potential mitigations· 2

  • [Architecture and Design] Perform a type check before interpreting an object.
  • [Architecture and Design] Reject any inconsistent types, such as a file with a .GIF extension that appears to consist of PHP code.
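
One way to apply both mitigations to a file upload, as an added example that is not part of the CWE entry: the declared extension is checked against the file's leading bytes, and content that a script handler would act on is rejected. The function name, allow-list and sample byte strings are assumptions constructed for illustration.

```python
import os

# Leading-byte signatures for the image types this sketch accepts (assumed allow-list).
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

# PHP open tags. Deliberately strict: an image that happens to contain
# these bytes is rejected rather than risk handing it to the PHP handler.
SCRIPT_MARKERS = (b"<?php", b"<?=")


def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason); reject when name and content disagree."""
    parts = os.path.basename(filename).lower().split(".")
    # Require exactly one extension: "x.php.gif" may be routed by its inner suffix.
    if len(parts) != 2 or not parts[0]:
        return False, "ambiguous or missing extension"
    signatures = MAGIC.get("." + parts[1])
    if signatures is None:
        return False, "extension not on allow-list"
    # Type check before interpreting: content must match the declared type.
    if not data.startswith(signatures):
        return False, "content does not match declared type"
    # A valid header does not make the rest inert (GIF header followed by PHP).
    lowered = data.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        return False, "script marker inside image data"
    return True, "ok"


# Constructed sample inputs (not real captures).
SAMPLE_GIF = b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff;"
SAMPLE_PHP = b"<?php echo 1; ?>"
SAMPLE_POLYGLOT = b"GIF89a" + SAMPLE_PHP

if __name__ == "__main__":
    for name, body in [("photo.gif", SAMPLE_GIF), ("photo.gif", SAMPLE_PHP),
                       ("photo.gif", SAMPLE_POLYGLOT), ("shell.php.gif", SAMPLE_GIF)]:
        print(name, check_upload(name, body))
```

The third sample is the case a signature check alone misses: the header is a valid GIF signature, so only the content scan catches the mismatch.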

Related CAPEC attack patterns· 1

CAPEC-11

References

  1. https://cwe.mitre.org/data/definitions/430.html

Exploits (incoming)· 1

Type | Target | Confidence | Tier
AttackPattern | Cause Web Server Misclassification (capec-11) | 100% | live

(incoming)· 1

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-3946 (cve-2025-3946) | 0% | live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Uncaught Exception in Servlet
  • CWE: J2EE Misconfiguration: Entity Bean Declared Remote
  • CWE: Missing Handler
  • CWE: J2EE Misconfiguration: Missing Custom Error Page
  • CWE: Declaration of Catch for Generic Exception
  • CWE: J2EE Framework: Saving Unserializable Objects to Disk

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.