The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.
View on MITREIf the product assumes that each resource has a unique identifier, the product could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.
If unique identifiers are assumed when protecting sensitive resources, then duplicate identifiers might allow attackers to bypass the protection.
Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.
No detection method information available for this CWE.
These two Struts validation forms have the same name.
It is not certain which form will be used by Struts. It is critically important that validation logic be maintained and kept in sync with the rest of the product.
chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archive.
View DetailsCWE-694: Use of Multiple Resources with Duplicate Identifier is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required. If the product assumes that each resource has a unique identifier, the product could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.
If exploited, CWE-694 (Use of Multiple Resources with Duplicate Identifier) it can compromise Access Control and Other, leading to outcomes such as Bypass Protection Mechanism and Quality Degradation.
Recommended mitigations for CWE-694 include: Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.
CWE-694 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-694, including CVE-2013-4787. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-694 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.