CWE-433

Unparsed Raw Web Content Delivery

AI Translation Available

The product stores raw content or supporting code under the web document root with an extension that is not specifically handled by the server.

Status

incomplete

Abstraction

variant

Affected Platforms

Web Based Web Server

Extended Description

AI Translation

If code is stored in a file with an extension such as '.inc' or '.pl', and the web server does not have a handler for that extension, then the server will likely send the contents of the file directly to the requester without the pre-processing that was expected. When that file contains sensitive information such as database credentials, this may allow the attacker to compromise the application or associated components.

Technical Details

AI Translation

Common Consequences

confidentiality

Impacts

read application data

Potential Mitigations

Phases:

architecture and design

Descriptions:

• Perform a type check before interpreting files.

• Do not store sensitive information in files which may be misinterpreted.

AI Generated Translation

Common Consequences

riservatezza

Impacts

leggere dati applicazione

Potential Mitigations

Phases:

architettura e design

Descriptions:

• Esegui un controllo del tipo prima di interpretare i file.

• Non memorizzare informazioni sensibili in file che potrebbero essere fraintesi.

CWE-433

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter