Modes d'introduction
Implementation
Plateformes applicables
Langue
Class: Not Language-Specific (Undetermined)
Systèmes d’exploitation
Class: Windows (Undetermined)
Conséquences courantes
Portée |
Impact |
Probabilité |
Confidentiality Integrity | Read Files or Directories, Modify Files or Directories | |
Exemples observés
Références |
Description |
| Multiple web servers allow restriction bypass using 8.3 names instead of long names |
| Source code disclosure using 8.3 file name. |
| Multi-Factor Vulnerability. Product generates temporary filenames using long filenames, which become predictable in 8.3 format. |
Mesures d’atténuation potentielles
Phases : System Configuration
Disable Windows from supporting 8.3 filenames by editing the Windows registry. Preventing 8.3 filenames will not remove previously generated 8.3 filenames.
Notes de cartographie des vulnérabilités
Justification : This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
NotesNotes
Probably under-studied.
Références
REF-7
Writing Secure Code
Michael Howard, David LeBlanc.
https://www.microsoftpressstore.com/store/writing-secure-code-9780735617223 REF-62
The Art of Software Security Assessment
Mark Dowd, John McDonald, Justin Schuh.
Soumission
Nom |
Organisation |
Date |
Date de publication |
Version |
PLOVER |
|
2006-07-19 +00:00 |
2006-07-19 +00:00 |
Draft 3 |
Modifications
Nom |
Organisation |
Date |
Commentaire |
Eric Dalci |
Cigital |
2008-07-01 +00:00 |
updated Time_of_Introduction |
CWE Content Team |
MITRE |
2008-09-08 +00:00 |
updated Applicable_Platforms, Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2008-10-14 +00:00 |
updated Description |
CWE Content Team |
MITRE |
2011-06-01 +00:00 |
updated Common_Consequences |
CWE Content Team |
MITRE |
2012-05-11 +00:00 |
updated References, Relationships |
CWE Content Team |
MITRE |
2012-10-30 +00:00 |
updated Potential_Mitigations |
CWE Content Team |
MITRE |
2014-07-30 +00:00 |
updated Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2017-11-08 +00:00 |
updated Applicable_Platforms, References |
CWE Content Team |
MITRE |
2018-03-27 +00:00 |
updated References |
CWE Content Team |
MITRE |
2020-02-24 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2023-01-31 +00:00 |
updated Description |
CWE Content Team |
MITRE |
2023-04-27 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2023-06-29 +00:00 |
updated Mapping_Notes |