CWE-59: Improper Link Resolution Before File Access ('Link Following')
PUBLISHED · weakness record · Medium
released 2006-07-19 · last modified 2025-12-11
Metadata
- CWE ID:
- CWE-59
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Draft
- Release date:
- 2006-07-19
- Last modified date:
- 2025-12-11
Name
Improper Link Resolution Before File Access ('Link Following')
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
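The following C sketch is an added example, not part of the CWE record. It contrasts a filename-based open that follows a symbolic link with a hardened open on POSIX systems. The function names and the temporary fixture (`secret`, `upload`) are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak form: open() resolves a symlink at the final path component. */
int open_following(const char *path) { return open(path, O_RDONLY); }

/* Hardened form: refuse a symlink at the final component, then validate the
 * opened descriptor (not the name), so a later swap of the name is harmless.
 * O_NONBLOCK keeps the call from hanging if the name is a FIFO. */
int open_regular_nofollow(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;                 /* ELOOP on Linux for a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);                         /* not a regular file, or hard-linked */
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed fixture: a temp dir with "secret" and a symlink "upload" -> secret.
 * Returns a bitmask: 1 = weak open followed the link, 2 = hardened open
 * rejected the link, 4 = hardened open accepted the real file; -1 on setup error. */
int demo_link_following(void) {
    char dir[] = "/tmp/cwe59-XXXXXX", target[64], lnk[64];
    int result = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/secret", dir);
    snprintf(lnk, sizeof lnk, "%s/upload", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || symlink(target, lnk) != 0) return -1;
    close(fd);
    if ((fd = open_following(lnk)) >= 0) { result |= 1; close(fd); }
    if (open_regular_nofollow(lnk) < 0) result |= 2;
    if ((fd = open_regular_nofollow(target)) >= 0) { result |= 4; close(fd); }
    unlink(lnk); unlink(target); rmdir(dir);
    return result;
}

int main(void) {
    printf("result mask: %d\n", demo_link_following());
    return 0;
}
```

`O_NOFOLLOW` only guards the last path component; a symlinked parent directory still resolves, so untrusted directory trees need per-component `openat()` or, on Linux 5.6 and later, `openat2()` with `RESOLVE_NO_SYMLINKS`.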
Common Consequences
- Scope:
- Confidentiality, Integrity, Access Control
- Impact:
- Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism
- Note:
- An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism.
- Scope:
- Other
- Impact:
- Execute Unauthorized Code or Commands
- Note:
- Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a ".LNK" file can be uploaded like a normal file. This can enable remote execution.