Tag Archives: Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

CWE-97 – Improper Neutralization of Server-Side Includes (SSI) Within a Web Page


Description

The software generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-96

 

Consequences

Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands

 

Potential Mitigations

CVE References