VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

BaseDraftLikelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (624)

page 12 of 32
  • CVE-2008-5742Dec 26, 2008
    risk 0.03cvss epss 0.03

    Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an "HTTP Response Splitting" section in the original disclosure.

  • CVE-2008-5706Dec 22, 2008
    risk 0.03cvss epss 0.00

    The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file.

  • CVE-2008-5394Dec 9, 2008
    risk 0.03cvss epss 0.00

    /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.

  • CVE-2008-5377Dec 8, 2008
    risk 0.03cvss epss 0.00

    pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.

  • CVE-2008-4192Sep 29, 2008
    risk 0.03cvss epss 0.00

    The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.

  • CVE-2008-4190Sep 24, 2008
    risk 0.03cvss epss 0.00

    The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.

  • CVE-2008-3261Jul 22, 2008
    risk 0.03cvss epss 0.04

    Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.

  • CVE-2008-0167May 18, 2008
    risk 0.03cvss epss 0.01

    The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.

  • CVE-2008-0613Feb 6, 2008
    risk 0.03cvss epss 0.03

    Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.

  • CVE-2007-4652Sep 4, 2007
    risk 0.03cvss epss 0.00

    The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.

  • CVE-2007-3103Jul 15, 2007
    risk 0.03cvss epss 0.00

    The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.

  • CVE-2006-5851Nov 10, 2006
    risk 0.03cvss epss 0.00

    openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.

  • CVE-2002-0824Aug 12, 2002
    risk 0.03cvss epss 0.00

    BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.

  • CVE-1999-0981Dec 8, 1999
    risk 0.03cvss epss 0.05

    Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."

  • CVE-2014-9512Feb 12, 2015
    risk 0.01cvss epss 0.09

    rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

  • CVE-2015-0794Nov 19, 2015
    risk 0.00cvss epss 0.00

    modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.

  • CVE-2015-1335Oct 1, 2015
    risk 0.00cvss epss 0.00

    lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.

  • CVE-2015-6927Sep 28, 2015
    risk 0.00cvss epss 0.00

    vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel.

  • CVE-2015-5752Aug 17, 2015
    risk 0.00cvss epss 0.00

    Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.

  • CVE-2015-3759Aug 16, 2015
    risk 0.00cvss epss 0.00

    Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.