Path Equivalence: 'fakedir/../realdir/filename'
Weakness ID: 57 (Weakness Variant)Status: Incomplete
+ Description

Description Summary

The software contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../realdir/filename' that are not handled by those mechanisms. This allows attackers to perform unauthorized actions against the targeted file.
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

All

+ Observed Examples
ReferenceDescription
CVE-2001-1152
CVE-2000-0191application check access for restricted URL before canonicalization
CVE-2005-1366CGI source disclosure using "dirname/../cgi-bin"
+ Potential Mitigations

see the vulnerability category "Path Equivalence"

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base41Improper Resolution of Path Equivalence
Development Concepts (primary)699
Research Concepts (primary)1000
+ Theoretical Notes

This is a manipulation that uses an injection for one consequence (containment violation using relative path) to achieve a different consequence (equivalence by alternate name).

+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERdirname/fakechild/../realchild/filename
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Other Notes, Taxonomy Mappings
2008-10-14CWE Content TeamMITREInternal
updated Description, Name, Observed Examples, Other Notes, Theoretical Notes
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Path Issue - dirname/fakechild/../realchild/filename
2008-10-14Path Equivalence: 'dirname/fakechild/../realchild/filename'
Back to top