SFP Secondary Cluster: Path Traversal
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category identifies Software Fault Patterns (SFPs) within the Path Traversal cluster (SFP16).
Weaknesses
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such ...
The product allows user input to control or influence paths or file names that are used in filesystem operations.
The product does not properly handle special paths that may identify the data or resource fork of a file on the HFS+ file system.
The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is associa...
The product constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This ty...
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but ...
The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory na...
The product accepts path input in the form of leading space (' filedir') without appropriate validation, which can lead to ambiguous path resolution and allow an attac...
The product accepts path input in the form of single dot directory exploit ('/./') without appropriate validation, which can lead to ambiguous path resolution and allo...
The product accepts path input in the form of multiple leading slash ('//multiple/leading/slash') without appropriate validation, which can lead to ambiguous path reso...
The product accepts path input in the form of multiple internal slash ('/multiple//internal/slash/') without appropriate validation, which can lead to ambiguous path r...
The product accepts path input in the form of multiple trailing slash ('/multiple/trailing/slash//') without appropriate validation, which can lead to ambiguous path r...
The product accepts path input in the form of multiple internal backslash ('\multiple\trailing\\slash') without appropriate validation, which can lead to ambiguous pat...
The product contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../realdi...
The product accepts path input in the form of internal space ('file(SPACE)name') without appropriate validation, which can lead to ambiguous path resolution and allow ...
The product accepts path input in the form of multiple internal dot ('file...dir') without appropriate validation, which can lead to ambiguous path resolution and allo...
The product accepts path input in the form of internal dot ('file.ordir') without appropriate validation, which can lead to ambiguous path resolution and allow an atta...
The product accepts path input in the form of asterisk wildcard ('filedir*') without appropriate validation, which can lead to ambiguous path resolution and allow an a...
The product accepts path input in the form of trailing backslash ('filedir\') without appropriate validation, which can lead to ambiguous path resolution and allow an ...
The product accepts path input in the form of trailing space ('filedir ') without appropriate validation, which can lead to ambiguous path resolution and allow an atta...
The product accepts path input in the form of trailing dot ('filedir.') without appropriate validation, which can lead to ambiguous path resolution and allow an attack...
The product accepts path input in the form of multiple trailing dot ('filedir....') without appropriate validation, which can lead to ambiguous path resolution and all...
The product accepts path input in the form of trailing slash ('filedir/') without appropriate validation, which can lead to ambiguous path resolution and allow an atta...
The product contains a protection mechanism that restricts access to a long filename on a Windows operating system, but it does not properly restrict access to the equ...
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '...' (triple dot) sequences ...
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....' (multiple dot) sequenc...
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....//' (doubled dot dot sla...
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple d...
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can reso...
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "..\" sequences that can reso...
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/../" sequences that can res...
The product accepts input in the form of a slash absolute path ('/absolute/pathname/here') without appropriate validation, which can allow an attacker to traverse the ...
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences ...
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backs...
The product accepts input that identifies a Windows UNC share ('\\UNC\share\name') that potentially redirects access to an unintended location or arbitrary file.
The product accepts input in the form of a backslash absolute path ('\absolute\pathname\here') without appropriate validation, which can allow an attacker to traverse ...
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\dir\..\filename' (leading b...
The product accepts input that contains a drive letter or Windows volume letter ('C:dirname') that potentially redirects access to an unintended location or arbitrary ...
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal "../" seque...
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize 'dir\..\..\filename' (multipl...
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that c...
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access re...
The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
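Every weakness in this cluster is an instance of one failure: a path built from external input reaches a filesystem call before it has been canonicalized and checked against the directory it was supposed to stay in. The following example is added here and is not part of the CWE entries or MITRE's text. It puts a blocklist filter that strips "../" once, and is bypassed by the doubled "....//" form and by absolute paths, beside a hardened resolver that canonicalizes with os.path.realpath and proves containment with os.path.commonpath. The sandbox layout, file names and probe strings are constructed for the demonstration; treating backslash as a separator and rejecting drive-letter prefixes on every platform are design choices of this example, not requirements stated on the page.

```python
"""Path-traversal containment: a bypassable blocklist beside a canonicalizing check.

Added example; directory layout, file names and probe strings are constructed
for the demonstration and do not come from the CWE entries.
"""
import os
import re
import tempfile

# Matches 'C:dirname' and 'C:\dirname' style prefixes (drive / volume letter).
DRIVE_LETTER = re.compile(r"^[A-Za-z]:")


def setup_sandbox():
    """Build <root>/public/{index.html, docs/readme.txt} and <root>/secret.txt.

    Returns (public_dir, absolute path of secret.txt). 'public' is the directory
    the service is meant to expose; secret.txt must never be readable through it.
    """
    root = tempfile.mkdtemp(prefix="sfp16_")
    public = os.path.join(root, "public")
    os.makedirs(os.path.join(public, "docs"))
    files = {
        os.path.join(public, "index.html"): "index",
        os.path.join(public, "docs", "readme.txt"): "readme",
        os.path.join(root, "secret.txt"): "secret",
    }
    for path, content in files.items():
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return public, os.path.join(root, "secret.txt")


def naive_read(base, user_path):
    """Vulnerable: strips '../' once, then joins blindly.

    Bypassed by the doubled form '....//' (removing the middle '../' leaves a
    fresh '../' behind), by absolute paths (os.path.join discards base when the
    second argument is absolute), and by '..\\' on Windows, which the filter
    never looks for.
    """
    filtered = user_path.replace("../", "")
    with open(os.path.join(base, filtered), encoding="utf-8") as fh:
        return fh.read()


def safe_resolve(base, user_path):
    """Canonicalize the requested path and prove it stays inside base.

    Raises PermissionError for anything that escapes; returns the real path
    to open otherwise.
    """
    # Treat backslash as a separator so Windows-style probes are normalized the
    # same way on every host (a design choice of this example).
    candidate = user_path.replace("\\", "/")
    # Reject explicit escapes up front: absolute paths, UNC shares, drive letters.
    if candidate.startswith("/") or DRIVE_LETTER.match(candidate):
        raise PermissionError(f"absolute, UNC or drive-qualified path rejected: {user_path!r}")
    base_real = os.path.realpath(base)
    # realpath collapses '.', '..' and repeated slashes and follows symlinks,
    # so the comparison happens on the path the OS would actually open.
    target = os.path.realpath(os.path.join(base_real, candidate))
    # commonpath, not str.startswith: '/srv/public_old' starts with the string
    # '/srv/public' but is not inside that directory.
    if os.path.commonpath([base_real, target]) != base_real:
        raise PermissionError(f"path escapes base directory: {user_path!r}")
    return target


def safe_read(base, user_path):
    """Hardened counterpart of naive_read."""
    with open(safe_resolve(base, user_path), encoding="utf-8") as fh:
        return fh.read()


def outcome(reader, base, user_path):
    """Return the file content, or the exception class name when the read fails."""
    try:
        return reader(base, user_path)
    except Exception as exc:  # broad on purpose: every failure class is reported
        return type(exc).__name__


if __name__ == "__main__":
    public, secret = setup_sandbox()
    probes = [
        "docs/readme.txt",        # legitimate request
        "docs/../index.html",     # legitimate once normalized
        "../secret.txt",          # plain '../filedir'
        "....//secret.txt",       # doubled dot dot slash, defeats single-pass stripping
        "..\\secret.txt",         # backslash form '..\filedir'
        secret,                   # slash absolute path
        "C:secret.txt",           # drive letter
        "\\\\server\\share\\x",   # UNC share
    ]
    for probe in probes:
        print(f"{probe!r:45} naive={outcome(naive_read, public, probe):20} "
              f"safe={outcome(safe_read, public, probe)}")
```

Running the script prints one row per probe. The naive reader returns the contents of secret.txt for the "....//" and absolute-path probes, while the hardened reader refuses every escape with PermissionError and still serves "docs/../index.html", which normalizes to a file inside the base directory. On a POSIX host the "..\\" probe merely fails to open under the naive reader because backslash is an ordinary filename character there; on Windows the same probe reads the secret, which is why the hardened resolver normalizes it regardless of platform.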
Concepts
CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.