CWE-72: Improper Handling of Apple HFS+ Alternate Data Stream Path

VariantIncomplete

The product does not properly handle special paths that may identify the data or resource fork of a file on the HFS+ file system.

View on MITRE

Back to CWE Lookup

Extended Description

If the product chooses actions to take based on the file name, then if an attacker provides the data or resource fork, the product may take unexpected actions. Further, if the product intends to restrict access to a file, then an attacker might still be able to bypass intended access restrictions by requesting the data or resource fork for that file.

Technical Details

Structure: Simple

Applicable To

Languages

Not Language-Specific

Platforms

macOS

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-72

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references