CWE-43 路径等价:'filename....' (多个尾部的点号)

Path Equivalence: 'filename....' (Multiple Trailing Dot)

结构: Simple

Abstraction: Variant

状态: Incomplete

被利用可能性: unkown

基本描述

A software system that accepts path input in the form of multiple trailing dot ('filedir....') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 42 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 42 cwe_View_ID: 699 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 163 cwe_View_ID: 1000

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
['Confidentiality', 'Integrity'] ['Read Files or Directories', 'Modify Files or Directories']

分析过的案例

标识 说明 链接
BUGTRAQ:20040205 Apache + Resin Reveals JSP Source Code ... http://marc.info/?l=bugtraq&m=107605633904122&w=2
CVE-2004-0281 Multiple trailing dot allows directory listing https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0281

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER Multiple Trailing Dot - 'filedir....'
Software Fault Patterns SFP16 Path Traversal