Path Equivalence: 'filename.' (Trailing Dot)
Weakness ID: 42 (Weakness Variant) | Status: Incomplete |
Description Summary
A software system that accepts path input in the form of a trailing dot ('filedir.') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Reference | Description |
---|---|
CVE-2000-1114 | Source code disclosure using trailing dot |
CVE-2002-1986 | Source code disclosure using trailing dot |
CVE-2004-2213 | Source code disclosure using trailing dot |
CVE-2005-3293 | Source code disclosure using trailing dot |
CVE-2004-0061 | Bypass directory access restrictions using trailing dot in URL |
CVE-2000-1133 | Bypass directory access restrictions using trailing dot in URL |
CVE-2001-1386 | Bypass check for ".lnk" extension using ".lnk." |
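
The mismatch behind the entries above, as an added example that is not part of the original entry: a check that inspects the raw string disagrees with a file layer that treats 'name.' and 'name' as the same object. The resolver model, the policy sets and all function names are assumptions made for this illustration.

```python
import posixpath

BLOCKED_EXTENSIONS = {".lnk"}   # constructed policy for this example
PROTECTED_DIRS = {"/private"}   # constructed policy for this example


def resolver_view(path: str) -> str:
    """Simplified model (an assumption) of a file layer that drops trailing
    dots from each component, so 'a.' and 'a' name the same object."""
    return "/".join(
        c if c in (".", "..") else c.rstrip(".") for c in path.split("/")
    )


def naive_is_allowed(path: str) -> bool:
    """Weak form: applies the policy to the raw, unnormalized string."""
    ext = posixpath.splitext(path)[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        return False
    return not any(path == d or path.startswith(d + "/") for d in PROTECTED_DIRS)


def strict_is_allowed(path: str) -> bool:
    """Hardened form: refuse any component ending in '.', so the name the
    check sees is the name the resolver will open; then apply the policy."""
    if any(comp.endswith(".") for comp in path.split("/")):
        return False
    return naive_is_allowed(path)


# Constructed sample inputs.
SAMPLES = [
    "/public/readme.txt",
    "/public/shortcut.lnk",
    "/public/shortcut.lnk.",
    "/private./report.txt",
]


def audit(paths):
    """Return (path, resolved name, naive verdict, strict verdict) rows."""
    return [(p, resolver_view(p), naive_is_allowed(p), strict_is_allowed(p))
            for p in paths]


if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(row)
```

Rejecting the ambiguous form is used here instead of normalizing it, so the policy never has to reproduce the resolver's equivalence rules exactly.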
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Base | 41 | Improper Resolution of Path Equivalence | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ChildOf | Weakness Variant | 162 | Improper Sanitization of Trailing Special Elements | Research Concepts 1000 |
ParentOf | Weakness Variant | 43 | Path Equivalence: 'filename....' (Multiple Trailing Dot) | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
Submissions
Submission Date | Submitter | Organization | Source |
---|---|---|---|
 | PLOVER | | Externally Mined |
Modifications
Modification Date | Modifier | Organization | Source | Comment |
---|---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships, Taxonomy Mappings |
Previous Entry Names
Change Date | Previous Entry Name |
---|---|
2008-04-11 | Path Issue - Trailing Dot - 'filedir.' |