CWE-58: Path Equivalence: Windows 8.3 Filename

Overview

CWE-58 (Path Equivalence: Windows 8.3 Filename) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product contains a protection mechanism that restricts access to a long filename on a Windows operating system, but it does not properly restrict access to the equivalent short "8.3" filename.

Background details

Extended context from the CWE catalog (rendered from MITRE XHTML).

On later Windows operating systems, a file can have a "long name" and a short name that is compatible with older Windows file systems, with up to 8 characters in the filename and 3 characters for the extension. These "8.3" filenames, therefore, act as an alternate name for files with long names, so they are useful pathname equivalence manipulations.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language Not Language-Specific Undetermined
operating_system Windows Undetermined
technology Not Technology-Specific Undetermined

Previous names

  • Path Issue - Windows 8.3 Filename (2008-04-11)

Content submission

Name
PLOVER
Date
2006-07-19
Version
Draft 3

Content modifications

Date Name Version Importance Comment
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Applicable_Platforms, Relationships, Taxonomy_Mappings
2008-10-14 CWE Content Team 1.0.1 updated Description
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated References, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, References
2018-03-27 CWE Content Team 3.1 updated References
2020-02-24 CWE Content Team 4.0 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-09-09 CWE Content Team 4.18 updated Affected_Resources
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Background_Details, Description, Weakness_Ordinalities
cvelogic Threat Intelligence