CWE-386: Symbolic Name not Mapping to Correct Object
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.
常见后果
影响范围: Access Control
技术影响: Gain Privileges or Assume Identity
说明: The attacker can gain access to otherwise unauthorized resources.
影响范围: Integrity Confidentiality Other
技术影响: Modify Application Data Modify Files or Directories Read Application Data Read Files or Directories Other
说明: Race conditions such as this kind may be employed to gain read or write access to resources not normally readable or writable by the user in question.
影响范围: Integrity Other
技术影响: Modify Application Data Other
说明: The resource in question, or other resources (through the corrupted one) may be changed in undesirable ways by a malicious user.
影响范围: Non-Repudiation
技术影响: Hide Activities
说明: If a file or other resource is written in this method, as opposed to a valid way, logging of the activity may not occur.
影响范围: Non-Repudiation Integrity
技术影响: Modify Files or Directories
说明: In some cases it may be possible to delete files that a malicious user might not otherwise have access to -- such as log files.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| CLASP | - | Symbolic name not mapping to correct object | - |