CWE-646 Individual Dictionary Definition (Draft 9)

| Field | Value |
|---|---|
| Weakness ID | 646 (Weakness Variant) |
| Status | Incomplete |
| Description (Summary) | When server-side functionality relies on the file name and/or file extension of a user-supplied file to determine the proper course of action, such as selecting the correct process to which control should be passed, deciding what data should be made available, or what resources should be allocated, it becomes possible for an attacker to deliberately cause the server-side code to misclassify the supplied file in order to gain some advantage. It might become possible for an attacker to cause exhaustion of resources, denial of service, information disclosure of debug or system data (including application source code), or binding to a particular server-side process. This weakness may be due to a vulnerability in any of the technologies used by the web and application servers, to misconfiguration, or to a flaw in the application itself. |
| Likelihood of Exploit | High |
| Common Consequences | Information Leakage, Denial of Service, Privilege Escalation |
| Enabling Factors for Exploitation | There is reliance on file name and/or file extension on the server side for processing. |
| Potential Mitigations | Make decisions on the server side based on file content and not on file name or extension. Properly configure web and application servers. Install the latest security patches for all of the technologies being used on the server side. |
| Observed Examples | CVE-2000-0499: A vulnerability was found in 2000 in the IBM WebSphere application server that allowed a remote attacker to view the source code of a JSP page by requesting a URL that provides the JSP extension in upper case. |
| Relationships | |
| Applicable Platforms | All |
| Time of Introduction | Architecture and Design, Implementation, System Configuration |
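
An added example (not part of the CWE entry) contrasting extension-based classification with the content-based decision recommended under Potential Mitigations. The function names, the signature table, the "static" fallback and the sample inputs are all constructed for illustration.

```python
import os

# Magic-byte signatures for the types this hypothetical service accepts.
SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "gif": b"GIF8",
}

def classify_by_extension(filename):
    """Weak: trusts the client-supplied name and compares case-sensitively.
    Anything unrecognised falls through to a default 'static' handler."""
    ext = os.path.splitext(filename)[1].lstrip(".")
    return ext if ext in SIGNATURES else "static"

def classify_by_content(data):
    """Hardened: decide from the leading bytes; unknown content yields None."""
    for kind, magic in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None

def accept_upload(filename, data):
    """Accept only recognised content whose case-folded extension agrees with it."""
    kind = classify_by_content(data)
    if kind is None:
        return (False, "unrecognised content")
    ext = os.path.splitext(filename)[1].lstrip(".").casefold()
    if ext != kind:
        return (False, f"extension .{ext} does not match content type {kind}")
    return (True, kind)

# Constructed sample inputs.
PNG_BYTES = SIGNATURES["png"] + b"\x00" * 8
PDF_BYTES = b"%PDF-1.7\n"
TEXT_BYTES = b"<% out.println(1); %>"  # not an image, whatever its name says

if __name__ == "__main__":
    for name, data in [("avatar.png", TEXT_BYTES),
                       ("report.PDF", PDF_BYTES),
                       ("scan.pdf", PNG_BYTES)]:
        print(name, "| by extension:", classify_by_extension(name),
              "| by content:", accept_upload(name, data))
```

The case-sensitive lookup sends `report.PDF` to the default handler even though its content is a PDF, which is the same kind of misclassification as the upper-case JSP extension in the observed example.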