SFP Secondary Cluster: Path Traversal

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

This category identifies Software Fault Patterns (SFPs) within the Path Traversal cluster (SFP16).

Weaknesses

Absolute Path Traversal

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such...

External Control of File Name or Path

The software allows user input to control or influence paths or file names that are used in filesystem operations.

Improper Handling of Apple HFS+ Alternate Data Stream Path

The software does not properly handle special paths that may identify the data or resource fork of a file on the HFS+ file system.

Improper Handling of File Names that Identify Virtual Resources

The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is associa...

Improper Handling of Windows Device Names

The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This t...

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but...

Improper Resolution of Path Equivalence

The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file an...

Path Equivalence: ' filename' (Leading Space)

A software system that accepts path input in the form of leading space (' filedir') without appropriate validation can lead to ambiguous path resolution and allow an a...

Path Equivalence: '/./' (Single Dot Directory)

A software system that accepts path input in the form of single dot directory exploit ('/./') without appropriate validation can lead to ambiguous path resolution and ...

Path Equivalence: '//multiple/leading/slash'

A software system that accepts path input in the form of multiple leading slash ('//multiple/leading/slash') without appropriate validation can lead to ambiguous path ...

Path Equivalence: '/multiple//internal/slash'

A software system that accepts path input in the form of multiple internal slash ('/multiple//internal/slash/') without appropriate validation can lead to ambiguous pa...

Path Equivalence: '/multiple/trailing/slash//'

A software system that accepts path input in the form of multiple trailing slash ('/multiple/trailing/slash//') without appropriate validation can lead to ambiguous pa...

Path Equivalence: '\multiple\\internal\backslash'

A software system that accepts path input in the form of multiple internal backslash ('\multiple\trailing\\slash') without appropriate validation can lead to ambiguous...

Path Equivalence: 'fakedir/../realdir/filename'

The software contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../reald...

Path Equivalence: 'file name' (Internal Whitespace)

A software system that accepts path input in the form of internal space ('file(SPACE)name') without appropriate validation can lead to ambiguous path resolution and al...

Path Equivalence: 'file...name' (Multiple Internal Dot)

A software system that accepts path input in the form of multiple internal dot ('file...dir') without appropriate validation can lead to ambiguous path resolution and ...

Path Equivalence: 'file.name' (Internal Dot)

A software system that accepts path input in the form of internal dot ('file.ordir') without appropriate validation can lead to ambiguous path resolution and allow an ...

Path Equivalence: 'filedir*' (Wildcard)

A software system that accepts path input in the form of asterisk wildcard ('filedir*') without appropriate validation can lead to ambiguous path resolution and allow ...

Path Equivalence: 'filedir\' (Trailing Backslash)

A software system that accepts path input in the form of trailing backslash ('filedir\') without appropriate validation can lead to ambiguous path resolution and allow...

Path Equivalence: 'filename ' (Trailing Space)

A software system that accepts path input in the form of trailing space ('filedir ') without appropriate validation can lead to ambiguous path resolution and allow an ...

Path Equivalence: 'filename.' (Trailing Dot)

A software system that accepts path input in the form of trailing dot ('filedir.') without appropriate validation can lead to ambiguous path resolution and allow an at...

Path Equivalence: 'filename....' (Multiple Trailing Dot)

A software system that accepts path input in the form of multiple trailing dot ('filedir....') without appropriate validation can lead to ambiguous path resolution and...

Path Equivalence: 'filename/' (Trailing Slash)

A software system that accepts path input in the form of trailing slash ('filedir/') without appropriate validation can lead to ambiguous path resolution and allow an ...

Path Equivalence: Windows 8.3 Filename

The software contains a protection mechanism that restricts access to a long filename on a Windows operating system, but the software does not properly restrict access...

Path Traversal: '...' (Triple Dot)

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '...' (triple dot) sequences...

Path Traversal: '....' (Multiple Dot)

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....' (multiple dot) sequen...

Path Traversal: '....//'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....//' (doubled dot dot sl...

Path Traversal: '.../...//'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple ...

Path Traversal: '../filedir'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can res...

Path Traversal: '..\filedir'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "..\" sequences that can res...

Path Traversal: '/../filedir'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/../" sequences that can re...

Path Traversal: '/absolute/pathname/here'

A software system that accepts input in the form of a slash absolute path ('/absolute/pathname/here') without appropriate validation can allow an attacker to traverse ...

Path Traversal: '/dir/../filename'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences...

Path Traversal: '\..\filename'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading back...

Path Traversal: '\\UNC\share\name\' (Windows UNC Share)

An attacker can inject a Windows UNC share ('\\UNC\share\name') into a software system to potentially redirect access to an unintended location or arbitrary file.

Path Traversal: '\absolute\pathname\here'

A software system that accepts input in the form of a backslash absolute path ('\absolute\pathname\here') without appropriate validation can allow an attacker to trave...

Path Traversal: '\dir\..\filename'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\dir\..\filename' (leading ...

Path Traversal: 'C:dirname'

An attacker can inject a drive letter or Windows volume letter ('C:dirname') into a software system to potentially redirect access to an unintended location or arbitra...

Path Traversal: 'dir/../../filename'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal "../" sequ...

Path Traversal: 'dir\..\..\filename'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize 'dir\..\..\filename' (multip...

Relative Path Traversal

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that ...

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access re...

Use of Incorrectly-Resolved Name or Reference

The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

Concepts

Software Fault Pattern (SFP) Clusters

CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website is subject to the Terms of Use as specified by The MITRE Corporation.