The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Relationships:
- View 1000: ChildOf Weakness 664
- View 699: ChildOf Category 265
- View 888: ChildOf Category 893

This is a general class of weakness, but most research is focused on more specialized cases, such as path traversal (CWE-22) and symlink following (CWE-61).

A symbolic link has a name; in general, it appears like any other file in the file system. However, the link includes a reference to another file, often in another directory - perhaps in another sphere of control. Many common library functions that accept filenames will "follow" a symbolic link and use the link's target instead.

Time of introduction: Architecture and Design

Common consequences:
- Scope: Confidentiality, Integrity
- Impact: Read application data; Modify application data

Related attack patterns: 219

Submission: Anonymous Tool Vendor (under NDA)

Modification history:
- 2008-09-08, CWE Content Team (MITRE): updated Relationships, Other_Notes, Taxonomy_Mappings
- 2009-10-29, CWE Content Team (MITRE): updated Other_Notes, Relationship_Notes
- 2010-04-05, CWE Content Team (MITRE): updated Related_Attack_Patterns
- 2011-06-01, CWE Content Team (MITRE): updated Common_Consequences
- 2012-05-11, CWE Content Team (MITRE): updated Relationships

Previous entry name: Externally Controlled Reference to an Internal Resource
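The symlink-following behaviour described above, shown as an added example that is not part of the CWE entry: a filename-based open beside a form that opens each path component relative to a directory descriptor with `O_NOFOLLOW`. It goes beyond the final path component by also refusing symlinked intermediate directories. The names `naive_read`, `safe_read`, `uploads/` and `secret.txt` are hypothetical, and a POSIX system with `dir_fd` support is assumed.

```python
import errno
import os
import tempfile

def naive_read(base, name):
    # Weak form: open() follows a symlink to wherever it points.
    with open(os.path.join(base, name), "rb") as fh:
        return fh.read()

def safe_read(base, name):
    # Open name under base one component at a time, refusing symlinks at each step.
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise PermissionError("path leaves the base directory")
    fd = os.open(base, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for i, part in enumerate(parts):
            flags = os.O_RDONLY | os.O_NOFOLLOW
            if i < len(parts) - 1:
                flags |= os.O_DIRECTORY  # intermediate components must be real directories
            try:
                nxt = os.open(part, flags, dir_fd=fd)
            except OSError as exc:
                if exc.errno in (errno.ELOOP, errno.EMLINK, errno.ENOTDIR):
                    raise PermissionError(f"refused {part!r}") from exc
                raise
            os.close(fd)
            fd = nxt
        with os.fdopen(fd, "rb") as fh:
            fd = -1  # fh now owns the descriptor
            return fh.read()
    finally:
        if fd >= 0:
            os.close(fd)

def demo():
    # Constructed layout: uploads/ is the intended sphere, secret.txt is not.
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "uploads")
        os.mkdir(base)
        for path, data in (("secret.txt", b"outside"), ("uploads/ok.txt", b"inside")):
            with open(os.path.join(root, path), "wb") as fh:
                fh.write(data)
        os.symlink("../secret.txt", os.path.join(base, "link.txt"))
        try:
            safe_read(base, "link.txt")
            blocked = False
        except PermissionError:
            blocked = True
        return naive_read(base, "link.txt"), blocked, safe_read(base, "ok.txt")
```

Resolving the path first and opening it afterwards leaves a window between the check and the use; opening relative to a directory descriptor performs the check on the same object that is read.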