1. Home
  2. Weaknesses
  3. CWE-552

CWE-552: Files or Directories Accessible to External Parties

ID CWE-552
Abstraction Base
Structure Simple
Status Draft
Number of CVEs 287
Detail CAPEC Dashboard Vulnerabilities Web & Social
The product makes files or directories accessible to unauthorized actors, even though they should not be.

Web servers, FTP servers, and similar servers may store a set of files underneath a "root" directory that is accessible to the server's users. Applications may store sensitive files underneath this root without also using access control to limit which users may request those files, if any. Alternately, an application might package multiple files or directories into an archive file (e.g., ZIP or tar), but the application might not exclude sensitive files that are underneath those directories.

In cloud technologies and containers, this weakness might present itself in the form of misconfigured storage accounts that can be read or written by a public or anonymous user.

Modes of Introduction

Phase Note
Architecture and Design
Implementation OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
Operation OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific
Technology Not Technology-Specific
Technology Cloud Computing

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-668 Exposure of Resource to Wrong Sphere Class Simple Draft
CWE-1003 Weaknesses for Simplified Mapping of Published Vulnerabilities Incomplete CWE-668 Exposure of Resource to Wrong Sphere Class Simple Draft
CWE-1000 Research Concepts Draft CWE-285 Improper Authorization Class Simple Draft

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-150 Collect Data from Common Resource Locations CWE-552
CAPEC-639 Probe System Files CWE-552

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date