CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.10)  
ID

CWE-641: Improper Restriction of Names for Files and Other Resources

Weakness ID: 641
Abstraction: Base
Status: Incomplete
Presentation Filter:
+ Description

Description Summary

The application constructs the name of a file or other resource using input from an upstream component, but does not restrict or incorrectly restricts the resulting name.

Extended Description

This may produce resultant weaknesses. For instance, if the names of these resources contain scripting characters, it is possible that a script may get executed in the client's browser if the application ever displays the name of the resource on a dynamically generated web page. Alternately, if the resources are consumed by some application parser, a specially crafted name can exploit some vulnerability internal to the parser, potentially resulting in execution of arbitrary code on the server machine. The problems will vary based on the context of usage of such malformed resource names and whether vulnerabilities are present in or assumptions are made by the targeted technology that would make code execution possible.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

All

+ Common Consequences
ScopeEffect
Integrity
Confidentiality
Availability

Technical Impact: Execute unauthorized code or commands

Execution of arbitrary code in the context of usage of the resources with dangerous names.

Confidentiality
Availability

Technical Impact: Read application data; DoS: crash / exit / restart

Crash of the consumer code of these resources resulting in information leakage or denial of service.

+ Likelihood of Exploit

Low

+ Enabling Factors for Exploitation

Resource names are controllable by the user.

No sufficient validation of resource names at entry points or before consumption by other processes.

Context where the resources are consumed makes execution of code possible based on the names of the supplied resources.

+ Potential Mitigations

Phase: Architecture and Design

Do not allow users to control names of resources used on the server side.

Phase: Architecture and Design

Perform white list input validation at entry points and also before consuming the resources. Reject bad file names rather than trying to cleanse them.

Phase: Architecture and Design

Make sure that technologies consuming the resources are not vulnerable (e.g. buffer overflow, format string, etc.) in a way that would allow code execution if the name of the resource is malformed.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base99Improper Control of Resource Identifiers ('Resource Injection')
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfCategoryCategory990SFP Secondary Cluster: Tainted Input to Command
Software Fault Pattern (SFP) Clusters (primary)888
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
Software Fault PatternsSFP24Tainted input to command
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
2008-01-30Evgeny LebanidzeCigitalExternal Submission
Modifications
Modification DateModifierOrganizationSource
2008-09-08CWE Content TeamMITREInternal
updated Common_Consequences, Relationships
2008-10-14CWE Content TeamMITREInternal
updated Description
2009-10-29CWE Content TeamMITREInternal
updated Common_Consequences
2010-06-21CWE Content TeamMITREInternal
updated Description, Name, Type
2010-12-13CWE Content TeamMITREInternal
updated Common_Consequences
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
2012-05-11CWE Content TeamMITREInternal
updated Observed_Examples, Relationships
2012-10-30CWE Content TeamMITREInternal
updated Potential_Mitigations
2014-07-30CWE Content TeamMITREInternal
updated Relationships, Taxonomy_Mappings
Previous Entry Names
Change DatePrevious Entry Name
2010-06-21Insufficient Filtering of File and Other Resource Names for Executable Content

More information is available — Please select a different filter.
Page Last Updated: January 18, 2017