CWE-59 - Improper Link Resolution Before File Access ('Link Following')
CWE-59 Medium
- Abstraction: Base
- Structure: Simple
- Status: Draft
- Weakness Name
Improper Link Resolution Before File Access ('Link Following')
- Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
- Common Consequences
Scope: Confidentiality, Integrity, Access Control
Impact: Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism
Notes: An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism.
Scope: Other
Impact: Execute Unauthorized Code or Commands
Notes: Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a ".LNK" file can be uploaded like a normal file. This can enable remote execution.
- Related Weaknesses
- Release Date: 2006-07-19
- Latest Modification Date: 2023-06-29