CWE-69 – Improper Handling of Windows ::DATA Alternate Data Stream | Common Weakness Enumeration（CWE）

概要

CWE-69（Improper Handling of Windows ::DATA Alternate Data Stream）は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響: セキュリティ影響：製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

The product does not properly prevent access to, or detect usage of, alternate data streams (ADS).

背景の詳細

CWE カタログからの補足説明（MITRE XHTML を基に表示）。

Alternate data streams (ADS) were first implemented in the Windows NT operating system to provide compatibility between NTFS and the Macintosh Hierarchical File System (HFS). In HFS, data and resource forks are used to store information about a file. The data fork provides information about the contents of the file while the resource fork stores metadata such as file type.

適用プラットフォーム

種別	名称	クラス	普遍性	OS / CPE
language	—	Not Language-Specific	Undetermined	—
operating_system	—	Windows	Undetermined	—

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE	公開	概要
CVE-2025-3941	2025-05-22	Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This iss…
CVE-2024-43033	2024-08-22	JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.co…

旧名称

Windows ::DATA Alternate Data Stream (2008-04-11)
Failure to Handle Windows ::DATA Alternate Data Stream (2010-12-13)

コンテンツ投稿

名称: PLOVER
日付: 2006-07-19
バージョン: Draft 3

コンテンツの変更履歴

日付	名称	バージョン	重要度	コメント
2008-07-01	Eric Dalci	1.0	—	updated Time_of_Introduction
2008-09-08	CWE Content Team	1.0	—	updated Applicable_Platforms, Background_Details, Description, Relationships, Other_Notes, References, Taxonomy_Mappings
2008-10-14	CWE Content Team	1.0.1	—	updated Description
2009-10-29	CWE Content Team	1.6	—	updated Other_Notes, Theoretical_Notes
2010-04-05	CWE Content Team	1.8.1	—	updated Related_Attack_Patterns
2010-12-13	CWE Content Team	1.11	—	updated Name
2011-06-01	CWE Content Team	1.13	—	updated Common_Consequences
2012-05-11	CWE Content Team	2.2	—	updated Observed_Examples, References, Relationships
2012-10-30	CWE Content Team	2.3	—	updated Potential_Mitigations
2017-11-08	CWE Content Team	3.0	—	updated Applicable_Platforms, References, Relationships
2018-03-27	CWE Content Team	3.1	—	updated References
2019-01-03	CWE Content Team	3.2	—	updated Related_Attack_Patterns
2020-02-24	CWE Content Team	4.0	—	updated Relationships
2023-01-31	CWE Content Team	4.10	—	updated Description
2023-04-27	CWE Content Team	4.11	—	updated References, Relationships, Time_of_Introduction
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2025-09-09	CWE Content Team	4.18	—	updated Affected_Resources, Functional_Areas
2025-12-11	CWE Content Team	4.19	—	updated Detection_Factors, Potential_Mitigations, Weakness_Ordinalities