CWE-59: Improper Link Resolution Before File Access ('Link Following')

ID CWE-59

Abstraction Base

Structure Simple

Status Draft

Number of CVEs 1144

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Modes of Introduction

Phase	Note
Implementation	REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Applicable Platforms

Type	Class	Name	Prevalence
Language	Not Language-Specific
Operating_system	Windows
Operating_system	Unix

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-706	Use of Incorrectly-Resolved Name or Reference	Class	Simple	Incomplete
CWE-1003	Weaknesses for Simplified Mapping of Published Vulnerabilities	Incomplete	CWE-706	Use of Incorrectly-Resolved Name or Reference	Class	Simple	Incomplete

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org

# ID	Name	Weaknesses
CAPEC-17	Using Malicious Files	CWE-59
CAPEC-35	Leverage Executable Code in Non-Executable Files	CWE-59
CAPEC-76	Manipulating Web Input to File System Calls	CWE-59
CAPEC-132	Symlink Attack	CWE-59

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date