CWE-706: Use of Incorrectly-Resolved Name or Reference

Class Incomplete Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

常见后果

影响范围: Confidentiality Integrity

技术影响: Read Application Data Modify Application Data

引入模式

阶段 说明
Architecture and Design -
Implementation -

适用平台

编程语言
Not Language-Specific (Undetermined)
关键信息

CWE ID: CWE-706

抽象级别: Class

结构: Simple

状态: Incomplete

相关弱点
ChildOf CWE-664

Improper Control of a Resource Through its Lifetime

Pillar
PeerOf CWE-99

Improper Control of Resource Identifiers ('Resource Injection')

Class
相关攻击模式
CAPEC-159 CAPEC-177 CAPEC-48 CAPEC-641
返回列表