CWE-59: CWE-59: Improper Link Resolution Before File Access ('Link Following')

BaseStable

Description

View on MITRE
Back to CWE Lookup

Technical Details

Structure
Simple
Vulnerability Mapping
ALLOWED

Applicable To

Languages
Languages
Platforms
Languages

Frequently Asked Questions

What is CWE-59: CWE-59: Improper Link Resolution Before File Access ('Link Following')?+

CWE-59: CWE-59: Improper Link Resolution Before File Access ('Link Following') is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Description

What are the security consequences of CWE-59: Improper Link Resolution Before File Access ('Link Following')?+

If exploited, CWE-59 (CWE-59: Improper Link Resolution Before File Access ('Link Following')) it can compromise Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism and Execute Unauthorized Code or Commands, leading to outcomes such as Scope: Confidentiality, Integrity, Access Control An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism., Scope: Other Windows simple shortcuts, sometimes referred to as soft links and can be exploited remotely since a &#34.

How do you prevent or mitigate CWE-59: Improper Link Resolution Before File Access ('Link Following')?+

Recommended mitigations for CWE-59 include: Strategy: Separation of Privilege Follow the principle of least privilege when assigning access rights to entities in a software system. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

Which programming languages are affected by CWE-59: Improper Link Resolution Before File Access ('Link Following')?+

CWE-59 commonly affects Languages. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-59 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More