Path Equivalence: 'filename ' (Trailing Space) |
Weakness ID: 46 (Weakness Variant) | Status: Incomplete |
Description Summary
A software system that accepts path input in the form of trailing space ('filedir ') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Reference | Description |
---|---|
CVE-2001-0693 | Source disclosure via trailing encoded space "%20" |
CVE-2001-0778 | Source disclosure via trailing encoded space "%20" |
CVE-2001-1248 | Source disclosure via trailing encoded space "%20" |
CVE-2004-0280 | Source disclosure via trailing encoded space "%20" |
CVE-2004-2213 | Source disclosure via trailing encoded space "%20" |
CVE-2005-0622 | Source disclosure via trailing encoded space "%20" |
CVE-2005-1656 | Source disclosure via trailing encoded space "%20" |
CVE-2002-1603 | Source disclosure via trailing encoded space "%20" |
CVE-2001-0054 | Multi-Factor Vulnerability (MVF). directory traversal and other issues in FTP server using Web encodings such as "%20"; certain manipulations have unusual side effects. |
CVE-2002-1451 | Trailing space ("+" in query string) leads to source code disclosure. |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Base | 41 | Improper Resolution of Path Equivalence | Development Concepts (primary)699 Research Concepts (primary)1000 |
ChildOf | Weakness Variant | 162 | Improper Sanitization of Trailing Special Elements | Research Concepts1000 |
CanPrecede | Weakness Variant | 289 | Authentication Bypass by Alternate Name | Research Concepts1000 |
Submissions | ||||
---|---|---|---|---|
Submission Date | Submitter | Organization | Source | |
PLOVER | Externally Mined | |||
Modifications | ||||
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Relationships, Taxonomy Mappings | ||||
Previous Entry Names | ||||
Change Date | Previous Entry Name | |||
2008-04-11 | Path Issue - Trailing Space - 'filedir ' | |||