Improper Handling of File Names that Identify Virtual Resources
Weakness ID: 66 (Weakness Base)Status: Draft
+ Description

Description Summary

The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.

Extended Description

Virtual file names are represented like normal file names, but they are effectively aliases for other resources that do not behave like normal files. Depending on their functionality, they could be alternate entities. They are not necessarily listed in directories.

+ Time of Introduction
  • Architecture and Design
  • Implementation
  • Operation
+ Applicable Platforms

Languages

All

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory21Pathname Traversal and Equivalence Errors
Development Concepts (primary)699
ChildOfWeakness ClassWeakness Class706Use of Incorrectly-Resolved Name or Reference
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant67Improper Handling of Windows Device Names
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfCategoryCategory68Windows Virtual File Problems
Development Concepts (primary)699
ParentOfWeakness VariantWeakness Variant69Failure to Handle Windows ::DATA Alternate Data Stream
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfCategoryCategory70Mac Virtual File Problems
Development Concepts (primary)699
ParentOfWeakness VariantWeakness Variant71Apple '.DS_Store'
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant72Improper Handling of Apple HFS+ Alternate Data Stream Path
Development Concepts (primary)699
Research Concepts (primary)1000
+ Affected Resources
  • File/Directory
+ Functional Areas
  • File processing
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERVirtual Files
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Description, Relationships, Taxonomy Mappings, Type
2009-03-10CWE Content TeamMITREInternal
updated Description, Name
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Virtual Files
2009-03-10Failure to Handle File Names that Identify Virtual Resources