CWE-552: Files or Directories Accessible to External Parties

Structure: Simple

Abstraction: Base

Status: Draft

Likelihood of Exploit: Unknown

Description

Files or directories that should not be accessible are accessible in the environment.

Related Weaknesses

  • ChildOf CWE-668 (View ID: 1000, Ordinal: Primary)

  • ChildOf CWE-668 (View ID: 1003, Ordinal: Primary)

  • ChildOf CWE-668 (View ID: 699, Ordinal: Primary)

Common Consequences

Scope: Confidentiality, Integrity
Impact: Read Files or Directories, Modify Files or Directories

Taxonomy Mappings

  • OWASP Top Ten 2004, Node ID: A10, Fit: CWE More Specific, Mapped Node Name: Insecure Configuration Management
  • CERT C Secure Coding, Node ID: FIO15-C, Mapped Node Name: Ensure that file operations are performed in a secure directory

Related Attack Patterns

  • CAPEC-150
  • CAPEC-509
  • CAPEC-639