CWE-67
Overview
- CWE ID
- 67
- CWE Name
- Improper Handling of Windows Device Names
- CWE Abstraction
- Variant
- CWE structure
- Simple
- CWE Status
- Incomplete
Description
The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application atte
Extended Description
Not properly handling virtual filenames (e.g. AUX, CON, PRN, COM1, LPT1) can result in different types of vulnerabilities. In some cases an attacker can request a device via injection of a virtual filename in a URL, which may cause an error that leads to
Related CWEs
| CWE ID | View ID | Nature | Ordinal |
|---|---|---|---|
| 66 | 1000 | ChildOf | Primary |