Search
Weaknesses
| CWE | Weakness | Actions |
|---|---|---|
| CWE-34 |
Path Traversal: '....//'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....//' (doubled dot dot slash) sequences that can resolve to a location that is outside of that directory. |
|
| CWE-33 |
Path Traversal: '....' (Multiple Dot)
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....' (multiple dot) sequences that can resolve to a location that is outside of that directory. |
|
| CWE-32 |
Path Traversal: '...' (Triple Dot)
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '...' (triple dot) sequences that can resolve to a location that is outside of that directory. |
|
| CWE-58 |
Path Equivalence: Windows 8.3 Filename
The product contains a protection mechanism that restricts access to a long filename on a Windows operating system, but it does not properly restrict access to the equivalent short "8.3" filename. |
|
| CWE-49 |
Path Equivalence: 'filename/' (Trailing Slash)
The product accepts path input in the form of trailing slash ('filedir/') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
|
| CWE-43 |
Path Equivalence: 'filename....' (Multiple Trailing Dot)
The product accepts path input in the form of multiple trailing dot ('filedir....') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
|
| CWE-42 |
Path Equivalence: 'filename.' (Trailing Dot)
The product accepts path input in the form of trailing dot ('filedir.') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
|
| CWE-46 |
Path Equivalence: 'filename ' (Trailing Space)
The product accepts path input in the form of trailing space ('filedir ') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
|
| CWE-54 |
Path Equivalence: 'filedir\' (Trailing Backslash)
The product accepts path input in the form of trailing backslash ('filedir\') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
|
| CWE-56 |
Path Equivalence: 'filedir*' (Wildcard)
The product accepts path input in the form of asterisk wildcard ('filedir*') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
|
| CWE-44 |
Path Equivalence: 'file.name' (Internal Dot)
The product accepts path input in the form of internal dot ('file.ordir') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
|
| CWE-45 |
Path Equivalence: 'file...name' (Multiple Internal Dot)
The product accepts path input in the form of multiple internal dot ('file...dir') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
|
| CWE-48 |
Path Equivalence: 'file name' (Internal Whitespace)
The product accepts path input in the form of internal space ('file(SPACE)name') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
|
| CWE-57 |
Path Equivalence: 'fakedir/../realdir/filename'
The product contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../realdir/filename' that are not handled by those mechanisms. This allows attackers to perform unauthorized actions against the targeted file. |
|
| CWE-53 |
Path Equivalence: '\multiple\\internal\backslash'
The product accepts path input in the form of multiple internal backslash ('\multiple\trailing\\slash') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
|
| CWE-52 |
Path Equivalence: '/multiple/trailing/slash//'
The product accepts path input in the form of multiple trailing slash ('/multiple/trailing/slash//') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
|
| CWE-51 |
Path Equivalence: '/multiple//internal/slash'
The product accepts path input in the form of multiple internal slash ('/multiple//internal/slash/') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
|
| CWE-50 |
Path Equivalence: '//multiple/leading/slash'
The product accepts path input in the form of multiple leading slash ('//multiple/leading/slash') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
|
| CWE-55 |
Path Equivalence: '/./' (Single Dot Directory)
The product accepts path input in the form of single dot directory exploit ('/./') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
|
| CWE-47 |
Path Equivalence: ' filename' (Leading Space)
The product accepts path input in the form of leading space (' filedir') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |