CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,532 vulnerabilities with CWE-59
CVE-2000-0715
diskcheck.pl - Arbitrary File Write via Symlink Attack
CVE-2000-0342 HIGH
Qualcomm Eudora 4.x - Improper Link Resolution Before File Access
CVSS 7.5
CVE-1999-1593
Windows 2000 - Denial of Service and Credential Theft via WINS 1Ch Registration
CVE-1999-1386 MEDIUM
Perl <5.004_04 - Local Privilege Escalation
CVSS 5.5
CVE-1999-0981
Internet Explorer < 5.01 - Local File Access via Server-side Page Reference Redirect
CVE-1999-0794
Microsoft Excel - Unauthenticated Arbitrary Macro Execution via SYLK File
CVE-1999-0783 MEDIUM
FreeBSD - Denial of Service via Hard Link to Device Special File
CVSS 5.5
Details
Vulnerabilities 1,532
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits