CWE-59: Improper Link Resolution Before File Access ('Link Following')

PUBLISHED · weakness record · Medium
released 2006-07-19 · last modified 2025-12-11

Metadata

CWE ID:
CWE-59
Abstraction:
Base
Structure:
Simple
Status:
Draft
Release date:
2006-07-19
Last modified:
2025-12-11

Name

Improper Link Resolution Before File Access ('Link Following')

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
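
The weakness described above, as an added example that is not part of the CWE record: a path-based read that follows a symbolic link, beside a POSIX read that refuses links. The function names, file names and directory layout are constructed for illustration, and the directory itself is assumed to be trusted.

```python
import os
import stat
import tempfile

def naive_read(directory, name):
    # Vulnerable pattern: a path-based open resolves whatever link `name` is.
    with open(os.path.join(directory, name), "rb") as f:
        return f.read()

def safe_read(directory, name):
    # Hardened pattern: refuse links instead of resolving them.
    if name in ("", ".", "..") or "/" in name:
        raise ValueError("expected a single path component")
    dir_fd = os.open(directory, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # O_NOFOLLOW makes open() fail if the final component is a symlink;
        # dir_fd pins the lookup to the directory that was already opened.
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK,
                     dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    with os.fdopen(fd, "rb") as f:
        # Inspect the opened object (fstat on the descriptor), not the name,
        # so the answer cannot change between the check and the read.
        st = os.fstat(f.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if st.st_nlink != 1:
            raise PermissionError("file has additional hard links")
        return f.read()

def demo():
    # Constructed sample: a directory holding one real file and one symlink
    # that points at a file outside that directory.
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")
        os.mkdir(uploads)
        outside = os.path.join(root, "outside.txt")
        with open(outside, "wb") as f:
            f.write(b"outside-data")
        with open(os.path.join(uploads, "report.txt"), "wb") as f:
            f.write(b"report-data")
        os.symlink(outside, os.path.join(uploads, "link.txt"))
        result = {"naive_link": naive_read(uploads, "link.txt"),
                  "safe_regular": safe_read(uploads, "report.txt")}
        try:
            safe_read(uploads, "link.txt")
            result["safe_link"] = "opened"
        except OSError:
            result["safe_link"] = "refused"
        return result
```

`O_NOFOLLOW` only guards the final path component, which is why the example accepts a single component and resolves it relative to an already-open directory descriptor.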

Common Consequences

Scope:
Confidentiality, Integrity, Access Control
Impact:
Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism
Note:
An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism, then an attacker may be able to bypass the mechanism.
Scope:
Other
Impact:
Execute Unauthorized Code or Commands
Note:
Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a ".LNK" file can be uploaded like a normal file. This can enable remote execution.

Related CWEs