Path Equivalence: 'filename/' (Trailing Slash) |
Weakness ID: 49 (Weakness Variant) | Status: Incomplete |
Description Summary
A software system that accepts path input in the form of trailing slash ('filedir/') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Reference | Description |
---|---|
CVE-2002-0253 | Overlaps infoleak |
CVE-2004-1101 | Failure to handle filename request with trailing "/" causes multiple consequences, including server crash and a Visual Basic error message that enables XSS and information leak. |
CVE-2001-0446 | |
CVE-2004-0334 | Bypass Basic Authentication for files using trailing "/" |
CVE-2001-0893 | Read sensitive files with trailing "/" |
CVE-2001-0892 | |
CVE-2004-1814 | |
BID:3518 |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Base | 41 | Improper Resolution of Path Equivalence | Development Concepts (primary)699 Research Concepts (primary)1000 |
ChildOf | Weakness Variant | 162 | Improper Sanitization of Trailing Special Elements | Research Concepts1000 |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | filedir/ (trailing slash, trailing /) |
Submissions | ||||
---|---|---|---|---|
Submission Date | Submitter | Organization | Source | |
PLOVER | Externally Mined | |||
Modifications | ||||
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Relationships, Taxonomy Mappings | ||||
2008-11-24 | CWE Content Team | MITRE | Internal | |
updated Observed Examples | ||||
Previous Entry Names | ||||
Change Date | Previous Entry Name | |||
2008-04-11 | Path Issue - Trailing Slash - filedir/ | |||