CVEbaza.plCWE DictionaryCWE-69
Common Weakness Enumeration

CWE-69

Improper Handling of Windows ::DATA Alternate Data Stream

Category: VariantCVE: 2
Description

The product does not properly prevent access to, or detect usage of, alternate data streams (ADS).

Extended Description

An attacker can use an ADS to hide information about a file (e.g. size, the name of the process) from a system or file browser tools such as Windows Explorer and 'dir' at the command line utility. Alternately, the attacker might be able to bypass intended access restrictions for the associated data fork.

CVE vulnerabilities with CWE-69 (2)
8.8
CVSS
HIGH
CVE-2024-43033

JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for CVE-2024-32358.

pub. 2024-08-22
5.4
CVSS
MEDIUM
CVE-2025-3941

Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

pub. 2025-05-22
Information
ID: CWE-69
Type: Variant
Vulnerabilities: 2
MITRE CWE ↗
← CWE Dictionary