1. Home
  2. CWE Database
  3. CWE-641
Base · Medium

CWE-641: Improper Restriction of Names for Files and Other Resources

The product constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.

CWE-641 · Base Level ·3 Mitigations

Description

The product constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.

This may produce resultant weaknesses. For instance, if the names of these resources contain scripting characters, it is possible that a script may get executed in the client's browser if the application ever displays the name of the resource on a dynamically generated web page. Alternately, if the resources are consumed by some application parser, a specially crafted name can exploit some vulnerability internal to the parser, potentially resulting in execution of arbitrary code on the server machine. The problems will vary based on the context of usage of such malformed resource names and whether vulnerabilities are present in or assumptions are made by the targeted technology that would make code execution possible.

Potential Impact

Integrity, Confidentiality, Availability

Execute Unauthorized Code or Commands

Confidentiality, Availability

Read Application Data, DoS: Crash, Exit, or Restart

Mitigations & Prevention

Architecture and Design

Do not allow users to control names of resources used on the server side.

Architecture and Design

Perform allowlist input validation at entry points and also before consuming the resources. Reject bad file names rather than trying to cleanse them.

Architecture and Design

Make sure that technologies consuming the resources are not vulnerable (e.g. buffer overflow, format string, etc.) in a way that would allow code execution if the name of the resource is malformed.

CWE-99: Improper Control of Resource Identifiers ('Resource Injection')

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input befor...

Taxonomy Mappings

  • Software Fault Patterns: SFP24 — Tainted input to command

Frequently Asked Questions

What is CWE-641?

CWE-641 (Improper Restriction of Names for Files and Other Resources) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.

How can CWE-641 be exploited?

Attackers can exploit CWE-641 (Improper Restriction of Names for Files and Other Resources) to execute unauthorized code or commands. This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.

How do I prevent CWE-641?

Key mitigations include: Do not allow users to control names of resources used on the server side.

What is the severity of CWE-641?

CWE-641 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.