1. Home
  2. CWE Database
  3. CWE-69
Variant · Low-Medium

CWE-69: Improper Handling of Windows ::DATA Alternate Data Stream

The product does not properly prevent access to, or detect usage of, alternate data streams (ADS).

CWE-69 · Variant Level ·2 CVEs ·1 Mitigations

Description

The product does not properly prevent access to, or detect usage of, alternate data streams (ADS).

An attacker can use an ADS to hide information about a file (e.g. size, the name of the process) from a system or file browser tools such as Windows Explorer and 'dir' at the command line utility. Alternately, the attacker might be able to bypass intended access restrictions for the associated data fork.

Potential Impact

Access Control, Non-Repudiation, Other

Bypass Protection Mechanism, Hide Activities, Other

Mitigations & Prevention

Implementation

Ensure that the source code correctly parses the filename to read or write to the correct stream.

Detection Methods

  • Automated Analysis — Software tools are capable of finding ADSs on your system.

Real-World CVE Examples

CVE IDDescription
CVE-1999-0278In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
CVE-2000-0927Product does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.

CWE-66: Improper Handling of File Names that Identify Virtual Resources

The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly...

Taxonomy Mappings

  • PLOVER: — Windows ::DATA alternate data stream

Frequently Asked Questions

What is CWE-69?

CWE-69 (Improper Handling of Windows ::DATA Alternate Data Stream) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product does not properly prevent access to, or detect usage of, alternate data streams (ADS).

How can CWE-69 be exploited?

Attackers can exploit CWE-69 (Improper Handling of Windows ::DATA Alternate Data Stream) to bypass protection mechanism, hide activities, other. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-69?

Key mitigations include: Ensure that the source code correctly parses the filename to read or write to the correct stream.

What is the severity of CWE-69?

CWE-69 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 2 real-world CVEs.