CWE-99 - Improper Control of Resource Identifiers ('Resource Injection')
CWE-99 High
- Abstraction:
- Class
- Structure:
- Simple
- Status:
- Draft
- Weakness Name
Improper Control of Resource Identifiers ('Resource Injection')
- Description
The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.
A resource injection issue occurs when the following two conditions are met: This may enable an attacker to access or modify otherwise protected system resources.
- Common Consequences
Scope: Confidentiality, Integrity
Impact: Read Application Data, Modify Application Data, Read Files or Directories, Modify Files or Directories
Notes: An attacker could gain access to or modify sensitive data or system resources. This could allow access to protected files or directories including configuration files and files containing sensitive information.
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2023-10-26
Free security scan for your website