CWE-73: CWE-73: External Control of File Name or Path

BaseStable

Description

View on MITRE
Back to CWE Lookup

Extended Description

Extended Description

Technical Details

Structure
Simple
Vulnerability Mapping
ALLOWED

Applicable To

Languages
Languages
Platforms

Frequently Asked Questions

What is CWE-73: CWE-73: External Control of File Name or Path?+

CWE-73: CWE-73: External Control of File Name or Path is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Description Extended Description

What are the security consequences of CWE-73: External Control of File Name or Path?+

If exploited, CWE-73 (CWE-73: External Control of File Name or Path) it can compromise Read Files or Directories, Modify Files or Directories, Execute Unauthorized Code or Commands, DoS: Crash, Exit and or Restart, leading to outcomes such as Scope: Integrity, Confidentiality The application can operate on unexpected files. Confidentiality is violated when the targeted filename is not directly readable by the attacker., Confidentiality, Availability The application can operate on unexpected files. This may violate integrity if the filename is written to, or if the filename is for a program or other form of executable code. and Scope: Availability The application can operate on unexpected files. Availability can be violated if the attacker specifies an unexpected file that the application modifies. Availability can also be affected if the attacker specifies a filename for a large file.

How do you prevent or mitigate CWE-73: External Control of File Name or Path?+

Recommended mitigations for CWE-73 include: When the set of filenames is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames, and reject all other inputs. For example, ID 1 could map to "inbox.txt" and ID 2 could map to "profile.txt". Features such as the ESAPI AccessReferenceMap provide this capability. Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict all access to files within a particular directory. Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection. This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise. Be careful to avoid CWE-243 and other weaknesses related to jails. For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602 . Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Which programming languages are affected by CWE-73: External Control of File Name or Path?+

CWE-73 commonly affects Languages. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-73 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More