CWE - CWE-73: External Control of File Name or Path (Draft 9)

Home > CWE List > CWE-73 Individual Dictionary Definition (Draft 9)

CWE List
Full Dictionary View
Classification Tree
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

Section Contents
CWE List
Full Dictionary View
Classification Tree
Reports
Other Items of Interest
Sources

Key
- Weakness
- Base
- Variant
- Class
- Chain
- Composite
- Category
- View
- Deprecated

CWE-73 Individual Dictionary Definition (Draft 9)

Weakness ID

Status: Draft

73 (Weakness Class)

Description

Summary

Allowing user input to control paths used in filesystem operations may enable an attacker to access or modify otherwise protected system resources.

Likelihood of Exploit

High to Very High

Weakness Ordinality

Resultant (Weakness is typically related to the presence of some other weaknesses)

Causal Nature

Explicit (This is an explicit weakness resulting from behavior of the developer)

Demonstrative
Examples

The following code uses input from an HTTP request to create a file name. The programmer has not considered the possibility that an attacker could provide a file name such as "../../tomcat/conf/server.xml", which causes the application to delete one of its own configuration files.

String rName = request.getParameter("reportName");
File rFile = new File("/usr/local/apfr/reports/" + rName);
...
rFile.delete();

The following code uses input from a configuration file to determine which file to open and echo back to the user. If the program runs with privileges and malicious users can change the configuration file, they can use the program to read any file on the system that ends with the extension .txt.

fis = new FileInputStream(cfg.getProperty("sub")+".txt");
amt = fis.read(arr);
out.println(arr);

Context Notes

Path manipulation errors occur when the following two conditions are met: 1. An attacker can specify a path used in an operation on the filesystem. 2. By specifying the resource, the attacker gains a capability that would not otherwise be permitted. For example, the program may give the attacker the ability to overwrite the specified file or run with a configuration controlled by the attacker.

Relationships

Nature	Type	ID	Name
ChildOf	Weakness Class	21	Pathname Traversal and Equivalence Errors
CanAlsoBe	Weakness Base	99	Insufficient Control of Resource Identifiers (aka 'Resource Injection')

Source Taxonomies

7 Pernicious Kingdoms - Path Manipulation

Applicable Platforms

All

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
80	Using UTF-8 Encoding to Bypass Validation Logic
79	Using Slashes in Alternate Encoding
72	URL Encoding
64	Using Slashes and URL Encoding Combined to Bypass Validation Logic
13	Subverting Environment Variable Values
76	Manipulating Input to File System Calls
78	Using Escaped Slashes in Alternate Encoding

Page Last Updated: April 22, 2008


	CWE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us