CWE-97: Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

The product generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

CWE-97 (Improper Neutralization of Server-Side Includes (SSI) Within a Web Page) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

CWE-97: Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-97?

What CVEs are caused by CWE-97?

What are the consequences of CWE-97?

Is CWE-97 actively exploited?

References

Stay ahead of CWE-97

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-97?

What CVEs are caused by CWE-97?

What are the consequences of CWE-97?

Is CWE-97 actively exploited?

References

Stay ahead of CWE-97