Early Access — Mondoo Vulnerability Intelligence is currently in preview.

CWE-66: Improper Handling of File Names that Identify Virtual Resources | Mondoo Vulnerability Intelligence

CWE-66

BaseDraft

Improper Handling of File Names that Identify Virtual Resources

The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.

1 linked vulnerability

1 related weaknesses

Extended Description

Virtual file names are represented like normal file names, but they are effectively aliases for other resources that do not behave like normal files. Depending on their functionality, they could be alternate entities. They are not necessarily listed in directories.

OtherOther

Automated Static Analysis - Binary or BytecodeEffectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful:

Bytecode Weakness Analysis - including disassembler + source code weakness analysis

Manual Static Analysis - Binary or BytecodeEffectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful:

Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies

Dynamic Analysis with Automated Results InterpretationEffectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful:

Web Application Scanner
Web Services Scanner
Database Scanners

Dynamic Analysis with Manual Results InterpretationEffectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful:

Fuzz Tester
Framework-based Fuzzer

Manual Static Analysis - Source CodeEffectiveness: High

According to SOAR [REF-1479], the following detection techniques may be useful:

Focused Manual Spotcheck - Focused manual analysis of source
Manual Source Code Review (not inspections)

Automated Static Analysis - Source CodeEffectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful:

Source code Weakness Analyzer
Context-configured Source Code Weakness Analyzer

Architecture or Design ReviewEffectiveness: High

According to SOAR [REF-1479], the following detection techniques may be useful:

Modes of Introduction

ImplementationOperation

Related Weaknesses

CWE-706ChildOf

Example CVEs (3)

CVE-1999-0278

In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.

CVE-2004-1084

Server allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+.

CVE-2002-0106

Server allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.

External Links

MITRE CWE Database