CWE-433 Individual Dictionary Definition (Draft 9)

| Field | Value |
|---|---|
| Weakness ID | 433 (Weakness Variant) |
| Status | Incomplete |
| Description (Summary) | Raw content or supporting code is stored under the web root with an extension that is not specially handled by the server, such as ".inc" or ".pl", causing the content or code to be delivered to the user without the pre-processing that was expected, typically resulting in an information leak. |

Observed Examples

| Reference | Description |
|---|---|
| CVE-2002-1886 | ".inc" file stored under web document root and returned unparsed by the server |
| CVE-2002-2065 | ".inc" file stored under web document root and returned unparsed by the server |
| CVE-2005-2029 | ".inc" file stored under web document root and returned unparsed by the server |
| SECUNIA:11394 | ".inc" file stored under web document root and returned unparsed by the server |
| CVE-2001-0330 | direct request to .pl file leaves it unparsed |
| CVE-2002-0614 | .inc file |
| CVE-2004-2353 | unparsed config.conf file |
| CVE-2007-3365 | Chain: uppercase file extensions cause web server to return script source code instead of executing the script. |

| Field | Value |
|---|---|
| Context Notes | This can overlap containment errors, but it is not necessarily the same thing. Also overlaps direct requests, alternate path, permissions, sensitive file under web root. |
| Relationships | |
| Source Taxonomies | PLOVER - Unparsed Raw Web Content Delivery |
| Applicable Platforms | All |
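An added example, not part of the CWE entry: a Python audit that walks a web document root and reports files the server would return unparsed, including the uppercase-extension case listed for CVE-2007-3365. The handler set, the static allowlist and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed server configuration (hypothetical; replace with the real handler map).
HANDLED = {".php"}                                    # passed to an interpreter
STATIC_OK = {".html", ".css", ".js", ".png", ".txt"}  # meant to be served as-is

def find_unparsed(webroot, handled=HANDLED, static_ok=STATIC_OK, case_sensitive=True):
    """Return sorted (relative path, reason) pairs for files served without parsing."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            ext = os.path.splitext(name)[1]
            rel = os.path.relpath(os.path.join(dirpath, name), webroot).replace(os.sep, "/")
            if ext in handled or ext.lower() in static_ok:
                continue
            if ext.lower() in handled:
                # Only a problem when the server matches extensions case-sensitively.
                if case_sensitive:
                    findings.append((rel, "extension case does not match handler"))
                continue
            findings.append((rel, "no handler for extension"))
    return sorted(findings)

def build_sample_tree(root):
    """Create a constructed sample web root for the demonstration."""
    for rel in ("index.php", "style.css", "include/db.inc", "cgi/report.pl",
                "config.conf", "admin/LOGIN.PHP"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel, reason in find_unparsed(root):
            print(f"{rel}: {reason}")
```

Files reported by the audit belong outside the document root, or need an explicit handler or deny rule in the server configuration.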