CWE-69
Improper Handling of Windows ::DATA Alternate Data Stream
Description
The product does not properly prevent access to, or detect usage of, alternate data streams (ADS).
An attacker can use an ADS to hide information about a file (e.g. size, the name of the process) from a system or file browser tools such as Windows Explorer and 'dir' at the command line utility. Alternately, the attacker might be able to bypass intended access restrictions for the associated data fork.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Bypass Protection Mechanism, Hide Activities, Other
Potential Mitigations
Ensure that the source code correctly parses the filename to read or write to the correct stream.
CVE-1999-0278In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
CVE-2000-0927Product does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now