CWE-59
Improper Link Resolution Before File Access ('Link Following')
BaseDraftLikelihood: Medium
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76
CVEs mapped to this weakness (624)
page 32 of 32| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2001-1378 | 0.00 | — | 0.00 | Sep 6, 2001 | fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files. | ||
| CVE-2001-0131 | 0.00 | — | 0.00 | Mar 12, 2001 | htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. | ||
| CVE-2000-0715 | 0.00 | — | 0.00 | Oct 20, 2000 | DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file. | ||
| CVE-1999-0794 | 0.00 | — | 0.00 | Oct 1, 1999 | Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file. |