Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.7)  

Presentation Filter:

CWE-706: Use of Incorrectly-Resolved Name or Reference

Use of Incorrectly-Resolved Name or Reference
Weakness ID: 706 (Weakness Class)Status: Incomplete
+ Description

Description Summary

The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms



+ Common Consequences

Technical Impact: Read application data; Modify application data

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class664Improper Control of a Resource Through its Lifetime
Research Concepts (primary)1000
ChildOfCategoryCategory893SFP Cluster: Path Resolution
Software Fault Pattern (SFP) Clusters (primary)888
PeerOfWeakness BaseWeakness Base99Improper Control of Resource Identifiers ('Resource Injection')
Research Concepts1000
ParentOfWeakness ClassWeakness Class22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base41Improper Resolution of Path Equivalence
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base59Improper Link Resolution Before File Access ('Link Following')
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base66Improper Handling of File Names that Identify Virtual Resources
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base98Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Research Concepts1000
ParentOfWeakness BaseWeakness Base178Improper Handling of Case Sensitivity
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base386Symbolic Name not Mapping to Correct Object
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base827Improper Control of Document Type Definition
Research Concepts (primary)1000
+ Content History
Submission DateSubmitterOrganizationSource
2008-09-09MITREInternal CWE Team
Modification DateModifierOrganizationSource
updated Time_of_Introduction
updated Related_Attack_Patterns
updated Relationships
updated Relationships
updated Relationships
updated Common_Consequences
updated Related_Attack_Patterns, Relationships
Page Last Updated: June 23, 2014