Use of Incorrectly-Resolved Name or Reference
Weakness ID: 706 (Weakness Class)
Status: Incomplete
+ Description

Description Summary

The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

All

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 664 | Improper Control of a Resource Through its Lifetime | Research Concepts (primary) 1000
PeerOf | Weakness Base | 99 | Improper Control of Resource Identifiers ('Resource Injection') | Research Concepts 1000
ParentOf | Weakness Class | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Research Concepts (primary) 1000
ParentOf | Weakness Base | 41 | Improper Resolution of Path Equivalence | Research Concepts (primary) 1000
ParentOf | Weakness Base | 59 | Improper Link Resolution Before File Access ('Link Following') | Research Concepts (primary) 1000
ParentOf | Weakness Base | 66 | Improper Handling of File Names that Identify Virtual Resources | Research Concepts (primary) 1000
ParentOf | Weakness Base | 98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') | Research Concepts (primary) 1000
ParentOf | Weakness Base | 178 | Failure to Resolve Case Sensitivity | Research Concepts (primary) 1000
ParentOf | Weakness Base | 386 | Symbolic Name not Mapping to Correct Object | Research Concepts (primary) 1000
+ Related Attack Patterns
CAPEC-ID | Attack Pattern Name (CAPEC Version: 1.4)
38 | Leveraging/Manipulating Configuration File Search Paths
48 | Passing Local Filenames to Functions That Expect a URL
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
2008-09-09 |  | MITRE | Internal CWE Team
Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Eric Dalci | Cigital | External
  updated Time of Introduction
2009-03-10 | CWE Content Team | MITRE | Internal
  updated Related Attack Patterns