Variant · Low-Medium

CWE-72: Improper Handling of Apple HFS+ Alternate Data Stream Path

The product does not properly handle special paths that may identify the data or resource fork of a file on the HFS+ file system.

CWE-72 · Variant Level · 1 CVE

Description

The product does not properly handle special paths that may identify the data or resource fork of a file on the HFS+ file system.

If the product chooses actions based on the file name, an attacker who supplies a path to the data or resource fork may cause it to take unexpected actions. Likewise, if the product intends to restrict access to a file, an attacker may bypass that restriction by requesting the file's data or resource fork instead of the file itself.

Potential Impact

Confidentiality, Integrity

Read Files or Directories, Modify Files or Directories

Demonstrative Examples

Consider a web server running on the Apple HFS+ file system. It treats any request whose path ends in .cgi as a script to execute.
An adversary could request "FILE.cgi/..namedfork/data". That path no longer ends in .cgi, so the server's handler selection does not recognize it as a script, and the request falls through to the default handler. The default handler reads the named data fork, which holds the same bytes as FILE.cgi itself, so the server discloses the script's source code instead of executing it.
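The following is an added example, not code from the CWE entry or from any real web server. It models the handler selection described above in two forms: the flawed version that decides from the final path component, and a hardened version that rejects fork components and chooses the handler from the first script-named component so trailing path info cannot mask it. The function names, the .cgi-only script list, and the request paths are all constructed for the illustration; the case-folded comparison assumes the volume is the default case-insensitive HFS+ variant.

```python
# Added example (not from the CWE entry or any real server): how a web server
# that chooses a handler from the requested file name can be fooled by an HFS+
# named-fork path, and one way to close the hole. Names and paths are constructed.
import posixpath

# HFS+ exposes a file's forks through a special path component below the file:
#   FILE/..namedfork/data   -> the data fork (the ordinary file contents)
#   FILE/..namedfork/rsrc   -> the resource fork
FORK_COMPONENT = "..namedfork"
SCRIPT_EXTENSIONS = {".cgi"}  # assumption: only .cgi is executed by this server


def choose_handler_vulnerable(request_path: str) -> str:
    """Pick a handler from the extension of the final path component.

    This is the flawed logic from the description: "FILE.cgi/..namedfork/data"
    ends in "data", not ".cgi", so the CGI handler is never selected and the
    default static-file handler reads the fork, disclosing the script source.
    """
    ext = posixpath.splitext(posixpath.basename(request_path))[1]
    return "cgi" if ext in SCRIPT_EXTENSIONS else "static"


def canonical_components(request_path: str) -> list:
    """Normalize the request path and split it into its components.

    posixpath.normpath collapses "." and repeated slashes but leaves
    "..namedfork" intact: it is an ordinary name, not the ".." parent reference,
    which is exactly why a naive traversal filter does not catch it.
    """
    norm = posixpath.normpath("/" + request_path)
    return [c for c in norm.split("/") if c]


def choose_handler_hardened(request_path: str) -> str:
    """Refuse fork paths outright, then choose the handler by the first
    component that names a script, so trailing path info cannot hide it.

    Returns "reject" for any path that addresses a fork. HFS+ is
    case-insensitive by default, so comparisons are case-folded (assumption:
    the volume uses the default case-insensitive HFS+ variant).
    """
    comps = canonical_components(request_path)
    if any(c.lower() == FORK_COMPONENT for c in comps):
        return "reject"
    for c in comps:
        if posixpath.splitext(c)[1].lower() in SCRIPT_EXTENSIONS:
            return "cgi"
    return "static"


if __name__ == "__main__":
    for path in ("/cgi-bin/FILE.cgi",
                 "/cgi-bin/FILE.cgi/..namedfork/data",
                 "/cgi-bin/FILE.cgi/..namedfork/rsrc"):
        print(f"{path:45} vulnerable={choose_handler_vulnerable(path):7} "
              f"hardened={choose_handler_hardened(path)}")
```

The hardened version deliberately rejects fork paths rather than trying to serve them safely: a web server has no legitimate reason to expose a fork through a URL, and a deny rule is easier to audit than an allow rule. Choosing the handler from the first script-named component rather than the last also closes the general class of "append path info to change the extension" tricks, of which the named-fork suffix is one instance.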

Real-World CVE Examples

CVE ID          Description
CVE-2004-1084   Server allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+.

Frequently Asked Questions

What is CWE-72?

CWE-72 (Improper Handling of Apple HFS+ Alternate Data Stream Path) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product does not properly handle special paths that may identify the data or resource fork of a file on the HFS+ file system.

How can CWE-72 be exploited?

Attackers can exploit CWE-72 (Improper Handling of Apple HFS+ Alternate Data Stream Path) to read or modify files and directories that the product intended to protect or to process differently, by requesting a file's data or resource fork instead of the file itself. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-72?

Canonicalize request paths before making any decision based on them, and reject paths that contain a fork component such as "..namedfork". Where the product chooses a handler or access policy from a file name, base that choice on the canonical path to the file rather than on the final path component alone, so that trailing path information cannot change which rules apply. Include fork-style paths in code reviews and in automated testing (SAST/DAST) of any path-handling logic so the weakness is caught early in the development lifecycle.

What is the severity of CWE-72?

CWE-72 is classified as a Variant-level weakness, the most specific abstraction tier in CWE (below Class and Base). It has been observed in 1 real-world CVE.