
CWE-66: Improper Handling of File Names that Identify Virtual Resources

Official CWE-66 CWE context with Glexia analysis, remediation guidance, related CVEs, and ATT&CK context.

Release 4.20 | weakness | Draft

Glexia's Take

CWE-66: Improper Handling of File Names that Identify Virtual Resources

Improper Handling of File Names that Identify Virtual Resources is a recurring weakness pattern: when design, validation, or implementation controls are missing, a file name that is really an alias for a virtual resource can give an attacker an exploitable path.

Executive Impact

  • Scope: Other. Impact: Other.

Developer Pattern

CWE-66 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.

Confidence

High confidence, derived from the CWE-66 entry in CWE release 4.20.

Official CWE Definition

CWE-66: Improper Handling of File Names that Identify Virtual Resources

The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.

Virtual file names are represented like normal file names, but they are effectively aliases for other resources that do not behave like normal files. Depending on their functionality, they could be alternate entities. They are not necessarily listed in directories.

Type: weakness
Abstraction: Base
Status: Draft
Source: MITRE CWE definition

Developer And Remediation Guidance

How teams prevent and detect this weakness

Causes

  • Consider a web server that uses the Apple HFS+ file system. It interprets FILE.cgi as processing instructions. An adversary could request "FILE.cgi/..namedfork/data" to prevent FILE.cgi from being executed, instead disclosing the source code for FILE.cgi. This might occur because the web server invokes the default handler which may return the contents of the file.
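The defensive counterpart of the example above, as an added illustration that is not part of this page or of the CWE entry: a hypothetical request-path resolver that walks the requested name one component at a time under a fixed document root, requires every component to be a real directory entry (virtual resources are not listed in directories), and refuses any path that continues past a regular file, which is exactly how "FILE.cgi/..namedfork/data" reaches a fork instead of the script.

```python
import os
import stat
import tempfile

# Component that names an HFS+ named fork in the CWE-66 example. Treat it as
# a virtual-resource alias and reject it outright; the directory-listing check
# below would also catch it, this is defence in depth.
VIRTUAL_COMPONENTS = frozenset({"..namedfork"})


def resolve_request(docroot, request_path):
    """Return the absolute path of a regular file under docroot, or None.

    Hypothetical validator (assumption: requests use '/' separators).
    Rejects absolute paths, '.'/'..', virtual-resource components,
    names not listed by their parent, and anything after a regular file.
    """
    parts = [p for p in request_path.split("/") if p]
    if request_path.startswith("/") or not parts:
        return None
    current = os.path.abspath(docroot)
    for idx, part in enumerate(parts):
        if part in (".", "..") or part in VIRTUAL_COMPONENTS:
            return None
        # A virtual resource is not a directory entry, so each component
        # must appear in its parent's listing before we descend into it.
        if part not in os.listdir(current):
            return None
        current = os.path.join(current, part)
        info = os.lstat(current)  # lstat: never follow symlinks silently
        if stat.S_ISREG(info.st_mode):
            # A file may only be the last component; a path that continues
            # past it is addressing a fork or other alias, not a directory.
            return current if idx == len(parts) - 1 else None
        if not stat.S_ISDIR(info.st_mode):
            return None  # symlink, device, socket: not a plain file or dir
    return None  # request ended on a directory, not a file


def demo():
    """Constructed sample document root holding one CGI script."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "FILE.cgi"), "w") as fh:
        fh.write("#!/bin/sh\necho hello\n")
    accepted = resolve_request(root, "FILE.cgi") is not None
    rejected = resolve_request(root, "FILE.cgi/..namedfork/data") is None
    return accepted, rejected
```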

Remediation

  • Use safe APIs: resolve a requested name through an API that reports what kind of object it refers to, and refuse anything that is not a regular file.
  • Centralize the control: route every file-name check through one validation path so that no handler, including a default handler, can bypass it.
  • Add regression tests: exercise hostile names such as the "..namedfork" form from the example above.
  • Review logs and telemetry for attempted abuse: look for requests whose path continues past a file name.

Detection

  • Automated Static Analysis - Binary or Bytecode
  • Manual Static Analysis - Binary or Bytecode
  • Dynamic Analysis with Automated Results Interpretation
  • Dynamic Analysis with Manual Results Interpretation
  • Manual Static Analysis - Source Code
  • Automated Static Analysis - Source Code
  • Architecture or Design Review

Mappings

Related CVEs, CWEs, and ATT&CK context

Related CWEs

Related CVEs

Related CVE mappings appear after CVE records are cross-indexed.


ATT&CK Relevance

ATT&CK relevance is shown only when reviewed or responsibly inferred.