Base · Draft · Top 25 #10

CWE-434: Unrestricted Upload of File with Dangerous Type

Category: other

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Common consequences · 1

  • Integrity / Confidentiality / Availability — Execute Unauthorized Code or Commands
    Arbitrary code execution is possible if an uploaded file is interpreted and executed as code by the recipient. This is especially true for web-server extensions such as .asp and .php because these file types are often treated as automatically executable, even when file system permissions do not specify execution. For example, in Unix environments, programs typically cannot run unless the execute bit is set, but PHP programs may be executed by the web server without directly invoking them on the operating system.

Potential mitigations · 5

  • [Architecture and Design] Generate a new, unique filename for an uploaded file instead of using the user-supplied filename, so that no external input is used at all. [REF-422] [REF-423]
  • [Architecture and Design] When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
  • [Architecture and Design] Consider storing the uploaded files outside of the web document root entirely. Then, use other mechanisms to deliver the files dynamically. [REF-423]
  • [Implementation]
  • [Architecture and Design] Define a very limited set of allowable extensions and only generate filenames that end in these extensions. Consider the possibility of XSS (CWE-79) before allowing .html or .htm file types.
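The following Python upload handler is an added example, not code from MITRE or from the cs-graph corpus, and it combines the three mitigations above that concern the file name and its location: the user-supplied name contributes nothing but a validated, allowlisted extension; the stored name is freshly generated; the file lives outside the document root and is reachable only through an opaque ID looked up in a server-side mapping. The allowlist, the storage directory (a temporary directory created for the example) and the function names are assumptions made here.

```python
import os
import tempfile
import uuid
from pathlib import Path
from typing import Dict, Optional

# Assumed allowlist: only these extensions may ever appear on disk. Note that
# .html/.htm are deliberately absent (see the CWE-79 caveat in the mitigations).
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".pdf"}

# Assumed storage location outside the web document root. Constructed here as a
# temporary directory so the example runs offline; a real deployment would use a
# fixed path that the web server never serves statically.
UPLOAD_ROOT = Path(tempfile.mkdtemp(prefix="uploads-"))

# Server-side mapping from opaque IDs to stored files (mitigation 2): delivery
# code never builds a path from client input, it only consults this table.
_registry: Dict[str, Path] = {}


class RejectedUpload(ValueError):
    """Raised when an upload does not satisfy the extension allowlist."""


def safe_extension(user_filename: str) -> str:
    """Return the allowlisted extension of user_filename or raise RejectedUpload.

    Only the final suffix is examined, lowercased. Directory components,
    earlier suffixes in a double extension, and any other part of the
    user-supplied name are discarded and never reach the file system.
    """
    ext = Path(user_filename).suffix.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise RejectedUpload(f"extension {ext!r} is not allowed")
    return ext


def is_allowed_name(user_filename: str) -> bool:
    """Convenience predicate around safe_extension for callers that want a bool."""
    try:
        safe_extension(user_filename)
        return True
    except RejectedUpload:
        return False


def store_upload(user_filename: str, data: bytes, root: Path = UPLOAD_ROOT) -> str:
    """Store data under a generated name and return the opaque ID for later lookup."""
    ext = safe_extension(user_filename)
    file_id = uuid.uuid4().hex          # mitigation 1: new, unique name, no external input
    dest = root / f"{file_id}{ext}"
    # O_EXCL refuses to overwrite an existing file; mode 0o600 sets no execute bit.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    _registry[file_id] = dest
    return file_id


def resolve(file_id: str) -> Optional[Path]:
    """Map an opaque ID back to its file; anything not in the registry is rejected."""
    return _registry.get(file_id)


if __name__ == "__main__":
    # Constructed sample requests: one acceptable upload, two that must be refused.
    fid = store_upload("../../report.pdf", b"%PDF-1.4 constructed sample")
    print("stored as", resolve(fid))
    print("shell.php accepted?", is_allowed_name("shell.php"))
    print("page.html accepted?", is_allowed_name("page.html"))
```

The stored path never contains anything the client chose except the validated extension, so a name such as `../../shell.php` is refused outright and a name such as `photo.JPG` is normalised to `.jpg`; delivery code should serve the file by streaming `resolve(file_id)` rather than exposing `UPLOAD_ROOT` to the web server.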

Related CAPEC attack patterns · 1

CAPEC-1

References

  1. https://cwe.mitre.org/data/definitions/434.html

Exploits (incoming) · 1

Type | Target | Confidence | Tier
AttackPattern | Accessing Functionality Not Properly Constrained by ACLs (capec-1) | 100% | live

Compliance frameworks addressing this (incoming) · 11

Type | Target | Confidence | Tier
ComplianceControl | ai_act-art73 | 100% | live
ComplianceControl | iso27001-a.8.28 | 100% | live
ComplianceControl | dora-art6 | 100% | live
ComplianceControl | iso27001-a.8.29 | 100% | live
ComplianceControl | ai_act-art9 | 100% | live
ComplianceControl | nis2-art21d | 100% | live
ComplianceControl | cra-annexi-2 | 100% | live
ComplianceControl | nis2-art21b | 100% | live
ComplianceControl | pci_dss_v4-r5 | 100% | live
ComplianceControl | owasp_llm_top10-llm08 | 100% | live
ComplianceControl | cis_v8-2 | 100% | live

Vulnerabilities (incoming) · 138

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-0213 (cve-2025-0213) | 0% | live
Vulnerability | CVE-2025-0335 (cve-2025-0335) | 0% | live
Vulnerability | CVE-2025-0341 (cve-2025-0341) | 0% | live
Vulnerability | CVE-2025-0357 (cve-2025-0357) | 0% | live
Vulnerability | CVE-2025-0394 (cve-2025-0394) | 0% | live
Vulnerability | CVE-2025-0402 (cve-2025-0402) | 0% | live
Vulnerability | CVE-2025-0463 (cve-2025-0463) | 0% | live
Vulnerability | CVE-2025-0471 (cve-2025-0471) | 0% | live
Vulnerability | CVE-2025-0702 (cve-2025-0702) | 0% | live
Vulnerability | CVE-2025-0928 (cve-2025-0928) | 0% | live
Vulnerability | CVE-2025-0984 (cve-2025-0984) | 0% | live
Vulnerability | CVE-2025-10041 (cve-2025-10041) | 0% | live
Vulnerability | CVE-2025-10083 (cve-2025-10083) | 0% | live
Vulnerability | CVE-2025-10085 (cve-2025-10085) | 0% | live
Vulnerability | CVE-2025-10147 (cve-2025-10147) | 0% | live
Vulnerability | CVE-2025-1028 (cve-2025-1028) | 0% | live
Vulnerability | CVE-2025-10398 (cve-2025-10398) | 0% | live
Vulnerability | CVE-2025-10412 (cve-2025-10412) | 0% | live
Vulnerability | CVE-2025-10424 (cve-2025-10424) | 0% | live
Vulnerability | CVE-2025-10425 (cve-2025-10425) | 0% | live
Vulnerability | CVE-2025-10427 (cve-2025-10427) | 0% | live
Vulnerability | CVE-2025-10428 (cve-2025-10428) | 0% | live
Vulnerability | CVE-2025-10447 (cve-2025-10447) | 0% | live
Vulnerability | CVE-2025-10465 (cve-2025-10465) | 0% | live
Vulnerability | CVE-2025-10480 (cve-2025-10480) | 0% | live
Vulnerability | CVE-2025-10600 (cve-2025-10600) | 0% | live
Vulnerability | CVE-2025-10615 (cve-2025-10615) | 0% | live
Vulnerability | CVE-2025-10616 (cve-2025-10616) | 0% | live
Vulnerability | CVE-2025-10647 (cve-2025-10647) | 0% | live
Vulnerability | CVE-2025-1070 (cve-2025-1070) | 0% | live

Showing top 30 of 138 by confidence.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Storage of File With Sensitive Data Under FTP Root
  • CWE: Improper Control of Document Type Definition
  • CWE: Files or Directories Accessible to External Parties
  • CWE: Storage of Sensitive Data in a Mechanism without Access Control
  • CWE: Insertion of Sensitive Information into Externally-Accessible File or Directory
  • CWE: Improper Access Control

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.