{"@ID": "66", "@Name": "Improper Handling of File Names that Identify Virtual Resources", "@Abstraction": "Base", "@Structure": "Simple", "@Status": "Draft", "Description": "The product does not handle or incorrectly handles a file name that identifies a \"virtual\" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.", "Extended_Description": "Virtual file names are represented like normal file names, but they are effectively aliases for other resources that do not behave like normal files. Depending on their functionality, they could be alternate entities. They are not necessarily listed in directories.", "Related_Weaknesses": {"Related_Weakness": {"@Nature": "ChildOf", "@CWE_ID": "706", "@View_ID": "1000", "@Ordinal": "Primary"}}, "Weakness_Ordinalities": {"Weakness_Ordinality": [{"Ordinality": "Primary"}, {"Ordinality": "Resultant"}]}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}}, "Modes_Of_Introduction": {"Introduction": [{"Phase": "Implementation"}, {"Phase": "Operation"}]}, "Common_Consequences": {"Consequence": {"Scope": "Other", "Impact": "Other"}}, "Detection_Methods": {"Detection_Method": [{"Method": "Automated Static Analysis - Binary or Bytecode", "Description": {"xhtml:p": "According to SOAR [REF-1479], the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": "Cost effective for partial coverage:", "xhtml:ul": {"xhtml:li": "Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}}}, "Effectiveness": "SOAR Partial"}, {"Method": "Manual Static Analysis - Binary or Bytecode", "Description": {"xhtml:p": "According to SOAR [REF-1479], the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": "Cost effective for partial coverage:", "xhtml:ul": {"xhtml:li": "Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}}, "Effectiveness": "SOAR Partial"}, {"Method": "Dynamic Analysis with Automated Results Interpretation", "Description": {"xhtml:p": "According to SOAR [REF-1479], the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": "Cost effective for partial coverage:", "xhtml:ul": {"xhtml:li": ["Web Application Scanner", "Web Services Scanner", "Database Scanners"]}}}, "Effectiveness": "SOAR Partial"}, {"Method": "Dynamic Analysis with Manual Results Interpretation", "Description": {"xhtml:p": "According to SOAR [REF-1479], the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": "Cost effective for partial coverage:", "xhtml:ul": {"xhtml:li": ["Fuzz Tester", "Framework-based Fuzzer"]}}}, "Effectiveness": "SOAR Partial"}, {"Method": "Manual Static Analysis - Source Code", "Description": {"xhtml:p": "According to SOAR [REF-1479], the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": "Highly cost effective:", "xhtml:ul": {"xhtml:li": ["Focused Manual Spotcheck - Focused manual analysis of source", "Manual Source Code Review (not inspections)"]}}}, "Effectiveness": "High"}, {"Method": "Automated Static Analysis - Source Code", "Description": {"xhtml:p": "According to SOAR [REF-1479], the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": "Cost effective for partial coverage:", "xhtml:ul": {"xhtml:li": ["Source code Weakness Analyzer", "Context-configured Source Code Weakness Analyzer"]}}}, "Effectiveness": "SOAR Partial"}, {"Method": "Architecture or Design Review", "Description": {"xhtml:p": "According to SOAR [REF-1479], the following detection techniques may be useful:", "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": ["Highly cost effective:", "Cost effective for partial coverage:"], "xhtml:ul": [{"xhtml:li": "Formal Methods / Correct-By-Construction"}, {"xhtml:li": "Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}]}}, "Effectiveness": "High"}]}, "Demonstrative_Examples": {"Demonstrative_Example": {"@Demonstrative_Example_ID": "DX-227", "Intro_Text": "Consider a web server that uses the Apple\n               HFS+ file system. It interprets FILE.cgi as processing\n               instructions.", "Body_Text": "An adversary could request\n\t\t\t   \"FILE.cgi/..namedfork/data\" to prevent FILE.cgi from\n\t\t\t   being executed, instead disclosing the source code for\n\t\t\t   FILE.cgi. This might occur because the web server\n\t\t\t   invokes the default handler which may return the\n\t\t\t   contents of the file."}}, "Observed_Examples": {"Observed_Example": [{"Reference": "CVE-1999-0278", "Description": "In IIS, remote attackers can obtain source code for ASP files by appending \"::$DATA\" to the URL.", "Link": "https://www.cve.org/CVERecord?id=CVE-1999-0278"}, {"Reference": "CVE-2004-1084", "Description": "Server allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+.", "Link": "https://www.cve.org/CVERecord?id=CVE-2004-1084"}, {"Reference": "CVE-2002-0106", "Description": "Server allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.", "Link": "https://www.cve.org/CVERecord?id=CVE-2002-0106"}]}, "Functional_Areas": {"Functional_Area": "File Processing"}, "Affected_Resources": {"Affected_Resource": "File or Directory"}, "Taxonomy_Mappings": {"Taxonomy_Mapping": {"@Taxonomy_Name": "PLOVER", "Entry_Name": "Virtual Files"}}, "References": {"Reference": {"@External_Reference_ID": "REF-1479"}}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Content_History": {"Submission": {"Submission_Name": "PLOVER", "Submission_Date": "2006-07-19", "Submission_Version": "Draft 3", "Submission_ReleaseDate": "2006-07-19"}, "Modification": [{"Modification_Name": "Eric Dalci", "Modification_Organization": "Cigital", "Modification_Date": "2008-07-01", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "updated Time_of_Introduction"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2008-09-08", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "updated Description, Relationships, Taxonomy_Mappings, Type"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2009-03-10", "Modification_Version": "1.3", "Modification_ReleaseDate": "2009-03-10", "Modification_Comment": "updated Description, Name"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2011-06-01", "Modification_Version": "1.13", "Modification_ReleaseDate": "2011-06-01", "Modification_Comment": "updated Common_Consequences"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2012-05-11", "Modification_Version": "2.2", "Modification_ReleaseDate": "2012-05-15", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2014-07-30", "Modification_Version": "2.8", "Modification_ReleaseDate": "2014-07-31", "Modification_Comment": "updated Detection_Factors, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2017-11-08", "Modification_Version": "3.0", "Modification_ReleaseDate": "2017-11-08", "Modification_Comment": "updated Affected_Resources, Applicable_Platforms, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-02-24", "Modification_Version": "4.0", "Modification_ReleaseDate": "2020-02-24", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships, Time_of_Introduction"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-10-26", "Modification_Version": "4.13", "Modification_ReleaseDate": "2023-10-26", "Modification_Comment": "updated Observed_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-09-09", "Modification_Version": "4.18", "Modification_ReleaseDate": "2025-09-09", "Modification_Comment": "updated Detection_Factors, References"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Demonstrative_Examples, Weakness_Ordinalities"}], "Previous_Entry_Name": [{"@Date": "2008-04-11", "#text": "Virtual Files"}, {"@Date": "2009-03-10", "#text": "Failure to Handle File Names that Identify Virtual Resources"}]}}
