CWE-97: Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

Variant Draft Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

The product generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.

常见后果

影响范围: Confidentiality Integrity Availability

技术影响: Execute Unauthorized Code or Commands

引入模式

阶段 说明
Implementation REALIZATION: This weakness is caused during implementation of an architectural security tactic.

适用平台

编程语言
Not Language-Specific (Undetermined)

分类映射

分类名称 条目ID 条目名称 映射适配度
PLOVER - Server-Side Includes (SSI) Injection -
WASC 36 SSI Injection -
关键信息

CWE ID: CWE-97

抽象级别: Variant

结构: Simple

状态: Draft

相关弱点
ChildOf CWE-96

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

Base
相关攻击模式
CAPEC-101 CAPEC-35
返回列表