CWE-58
Path Equivalence: Windows 8.3 Filename
Description
The product contains a protection mechanism that restricts access to a long filename on a Windows operating system, but it does not properly restrict access to the equivalent short "8.3" filename.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Read Files or Directories, Modify Files or Directories
Potential Mitigations
Disable 8.3 filename support in Windows by editing the Windows registry. Disabling 8.3 filename creation does not remove previously generated 8.3 filenames.
CVE-1999-0012: Multiple web servers allow restriction bypass using 8.3 names instead of long names.
CVE-2001-0795: Source code disclosure using 8.3 file name.
CVE-2005-0471: Multi-Factor Vulnerability. Product generates temporary filenames using long filenames, which become predictable in 8.3 format.
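As an added illustration of the weakness described above (example code, not part of the CWE entry): a deny-list check that compares only the long filename, beside a hardened version that refuses any path component shaped like an auto-generated 8.3 alias before applying the rule. The protected filename, function names and sample paths are assumptions constructed for this example.

```python
import re

# Hypothetical long filenames that the application's access rule protects.
PROTECTED = {"confidential-report.txt"}

# An auto-generated 8.3 alias has a base of at most 8 characters ending in
# "~<digits>" and an extension of at most 3 characters, e.g. CONFID~1.TXT.
SHORT_ALIAS = re.compile(r"^[^.~]{1,6}~[0-9]{1,6}(\.[^.]{0,3})?$")


def components(path):
    """Split on both separators that Windows accepts."""
    return [c for c in re.split(r"[\\/]+", path) if c]


def looks_like_short_alias(component):
    base = component.split(".", 1)[0]
    return len(base) <= 8 and SHORT_ALIAS.match(component) is not None


def naive_is_allowed(path):
    """'Before': compares only the long name, so the alias is not matched."""
    parts = components(path)
    return bool(parts) and parts[-1].lower() not in PROTECTED


def hardened_is_allowed(path):
    """'After': refuse any alias-shaped component, then apply the rule."""
    parts = components(path)
    if not parts or any(looks_like_short_alias(c) for c in parts):
        return False
    return parts[-1].lower() not in PROTECTED


# Constructed sample requests, not taken from the page.
SAMPLES = [
    r"docs\readme.txt",
    r"docs\confidential-report.txt",
    r"docs\CONFID~1.TXT",
    r"PROGRA~1\app\readme.txt",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p!r}: naive={naive_is_allowed(p)} "
              f"hardened={hardened_is_allowed(p)}")
```

The shape test is deliberately conservative: it also refuses legitimate long names that happen to look like an alias, such as `a~1.txt`.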
Applicable Platforms