Insecure Temporary File| ID: 377 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: INCOMPLETE |
| Abstraction Type: Base |
Description
Creating and using insecure temporary files can leave
application and system data vulnerable to attack.
Applicable PlatformsLanguage Class: All
Time Of Introduction
- Architecture and Design
- Implementation
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| ConfidentialityIntegrity | Read files or
directoriesModify files or
directories | |
Detection MethodsNone
Potential MitigationsNone
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-377 ChildOf CWE-895 | Category | CWE-888 | |
Demonstrative Examples (Details)
- The following code uses a temporary file for storing intermediate
data gathered from the network before it is processed.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| 7 Pernicious Kingdoms | | Insecure Temporary File | |
| CERT Java Secure Coding | FIO00-J | Do not operate on files in shared
directories | |
References:
- M. Howard D. LeBlanc .Writing Secure Code 2nd Edition. Microsoft. Section:'Chapter 23, "Creating Temporary Files Securely" Page
682'. Published on 2002.
- Mark Dowd John McDonald Justin Schuh .The Art of Software Security Assessment 1st Edition. Addison Wesley. Section:'Chapter 9, "Temporary Files", Page 538.'. Published on 2006.
- Mark Dowd John McDonald Justin Schuh .The Art of Software Security Assessment 1st Edition. Addison Wesley. Section:'Chapter 11, "File Squatting", Page 662.'. Published on 2006.
