CWE-694
Use of Multiple Resources with Duplicate Identifier
Incomplete
2008-09-09
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Powiadomienia dla konkretnego CWE
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CWE.
Nazwa: Use of Multiple Resources with Duplicate Identifier
The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.
Opis CWE
If the product assumes that each resource has a unique identifier, the product could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.
Informacje ogólne
Sposoby wprowadzenia
Architecture and DesignImplementation
Odpowiednie platformy
Język
Class: Not Language-Specific (Undetermined)Typowe konsekwencje
| Zakres | Wpływ | Prawdopodobieństwo |
|---|---|---|
| Access Control | Bypass Protection Mechanism Note: If unique identifiers are assumed when protecting sensitive resources, then duplicate identifiers might allow attackers to bypass the protection. | |
| Other | Quality Degradation |
Zaobserwowane przykłady
| Odniesienia | Opis |
|---|---|
CVE-2013-4787 | chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archive. |
Potencjalne środki zaradcze
Phases : Architecture and DesignWhere possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.
Uwagi dotyczące mapowania podatności
Uzasadnienie : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Komentarz : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Notatki
This weakness is probably closely associated with other issues related to doubling, such as CWE-675 (Duplicate Operations on Resource). It's often a case of an API contract violation (CWE-227).Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | 1.0 |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| Eric Dalci | Cigital | updated Potential_Mitigations, Time_of_Introduction | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Common_Consequences, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relevant_Properties | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Weakness_Ordinalities |
