CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.6)  

Presentation Filter:

CWE-706: Use of Incorrectly-Resolved Name or Reference

 
Use of Incorrectly-Resolved Name or Reference
Weakness ID: 706 (Weakness Class)Status: Incomplete
+ Description

Description Summary

The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

All

+ Common Consequences
ScopeEffect
Confidentiality
Integrity

Technical Impact: Read application data; Modify application data

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class664Improper Control of a Resource Through its Lifetime
Research Concepts (primary)1000
ChildOfCategoryCategory893SFP Cluster: Path Resolution
Software Fault Pattern (SFP) Clusters (primary)888
PeerOfWeakness BaseWeakness Base99Improper Control of Resource Identifiers ('Resource Injection')
Research Concepts1000
ParentOfWeakness ClassWeakness Class22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base41Improper Resolution of Path Equivalence
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base59Improper Link Resolution Before File Access ('Link Following')
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base66Improper Handling of File Names that Identify Virtual Resources
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base98Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Research Concepts1000
ParentOfWeakness BaseWeakness Base178Improper Handling of Case Sensitivity
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base386Symbolic Name not Mapping to Correct Object
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base827Improper Control of Document Type Definition
Research Concepts (primary)1000
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
2008-09-09MITREInternal CWE Team
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time_of_Introduction
2009-03-10CWE Content TeamMITREInternal
updated Related_Attack_Patterns
2010-02-16CWE Content TeamMITREInternal
updated Relationships
2010-12-13CWE Content TeamMITREInternal
updated Relationships
2011-03-29CWE Content TeamMITREInternal
updated Relationships
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
2012-05-11CWE Content TeamMITREInternal
updated Related_Attack_Patterns, Relationships
Page Last Updated: February 18, 2014