CWE-59 - Improper Link Resolution Before File Access ('Link Following')

CWE-59 Medium

  • Abstraction: Base
  • Structure: Simple
  • Status: Draft
Weakness Name

Improper Link Resolution Before File Access ('Link Following')

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
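A defensive counterpart to the description above, as an added example that is not part of the CWE entry: the file is opened relative to a trusted directory descriptor with `O_NOFOLLOW`, and the opened object itself is then checked. The helper name `open_regular_nofollow`, the `demo` function and the temporary file names are hypothetical and constructed for illustration; Linux/POSIX.1-2008 behaviour is assumed.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `name` (a single path component) under the trusted
 * directory `dirfd`, refusing links. Returns an fd, or -1 with errno set. */
int open_regular_nofollow(int dirfd, const char *name)
{
    struct stat st;
    if (strchr(name, '/')) { errno = EINVAL; return -1; } /* one component only */
    /* O_NOFOLLOW: fail with ELOOP if the final component is a symlink. */
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;
    /* Check the opened object, not the name, so there is no check/use gap. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd); errno = EINVAL; return -1; /* directory, FIFO, device, hard link */
    }
    return fd;
}

/* Constructed demo: returns 0 if the real file opens and the symlink is refused. */
int demo(void)
{
    char dir[] = "/tmp/cwe59-XXXXXX";
    if (!mkdtemp(dir)) return -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    int fd = openat(dfd, "data.txt", O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (dfd < 0 || fd < 0 || symlinkat("data.txt", dfd, "link.txt") != 0) return -1;
    close(fd);
    int ok = open_regular_nofollow(dfd, "data.txt");
    int bad = open_regular_nofollow(dfd, "link.txt");
    int bad_errno = errno; /* save before cleanup calls can overwrite it */
    if (ok >= 0) close(ok);
    unlinkat(dfd, "link.txt", 0); unlinkat(dfd, "data.txt", 0);
    close(dfd); rmdir(dir);
    return (ok >= 0 && bad == -1 && bad_errno == ELOOP) ? 0 : 1;
}

int main(void)
{
    printf("symlink refused: %s\n", demo() == 0 ? "yes" : "no");
    return 0;
}
```

`O_NOFOLLOW` only covers the final path component, which is why the helper takes a directory descriptor and rejects names containing `/`.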

Common Consequences

Scope: Confidentiality, Integrity, Access Control

Impact: Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism

Notes: An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism.

Scope: Other

Impact: Execute Unauthorized Code or Commands

Notes: Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a ".LNK" file can be uploaded like a normal file. This can enable remote execution.

Related Weaknesses
  • Release Date: 2006-07-19
  • Latest Modification Date: 2023-06-29