CVEbaza.plCWE DictionaryCWE-66
Common Weakness Enumeration

CWE-66

Improper Handling of File Names that Identify Virtual Resources

Category: BaseCVE: 1
Description

The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.

Extended Description

Virtual file names are represented like normal file names, but they are effectively aliases for other resources that do not behave like normal files. Depending on their functionality, they could be alternate entities. They are not necessarily listed in directories.

CVE vulnerabilities with CWE-66 (1)
10.0
CVSS
CRITICAL
CVE-2024-10905

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected.

pub. 2024-12-02
Information
ID: CWE-66
Type: Base
Vulnerabilities: 1
MITRE CWE ↗
← CWE Dictionary