CWE-69 2 个 CVE MITRE 定义 ↗

CWE-69:Improper Handling of Windows ::DATA Alternate Data Stream

概览

CWE-69(Improper Handling of Windows ::DATA Alternate Data Stream)描述一种在漏洞数据库与安全评估中使用的弱点类型;定义、背景与映射 CVE 见下方各节。

安全影响
安全影响:因产品与场景而异;请结合 CVE 记录、严重度评分与 MITRE 说明进行优先级判断。

描述

The product does not properly prevent access to, or detect usage of, alternate data streams (ADS).

背景详情

来自 CWE 目录的扩展上下文(由 MITRE XHTML 渲染)。

Alternate data streams (ADS) were first implemented in the Windows NT operating system to provide compatibility between NTFS and the Macintosh Hierarchical File System (HFS). In HFS, data and resource forks are used to store information about a file. The data fork provides information about the contents of the file while the resource fork stores metadata such as file type.

适用平台

类型 名称 普遍性 OS / CPE
language Not Language-Specific Undetermined
operating_system Windows Undetermined

本库相关 CVE

下列 CVE 在本库中映射到该弱点,并保留以便追溯与检索。

CVE 公开时间 摘要
CVE-2025-3941 2025-05-22 Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This iss…
CVE-2024-43033 2024-08-21 JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.co…

曾用名

  • Windows ::DATA Alternate Data Stream (2008-04-11)
  • Failure to Handle Windows ::DATA Alternate Data Stream (2010-12-13)

内容提交

名称
PLOVER
日期
2006-07-19
版本
Draft 3

内容修订

日期 名称 版本 重要性 评论
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Applicable_Platforms, Background_Details, Description, Relationships, Other_Notes, References, Taxonomy_Mappings
2008-10-14 CWE Content Team 1.0.1 updated Description
2009-10-29 CWE Content Team 1.6 updated Other_Notes, Theoretical_Notes
2010-04-05 CWE Content Team 1.8.1 updated Related_Attack_Patterns
2010-12-13 CWE Content Team 1.11 updated Name
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Observed_Examples, References, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, References, Relationships
2018-03-27 CWE Content Team 3.1 updated References
2019-01-03 CWE Content Team 3.2 updated Related_Attack_Patterns
2020-02-24 CWE Content Team 4.0 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated References, Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-09-09 CWE Content Team 4.18 updated Affected_Resources, Functional_Areas
2025-12-11 CWE Content Team 4.19 updated Detection_Factors, Potential_Mitigations, Weakness_Ordinalities
cvelogic Threat Intelligence