CWE-48 路径等价:'filename'(内部空格)
Path Equivalence: 'file name' (Internal Whitespace)
结构: Simple
Abstraction: Variant
状态: Incomplete
被利用可能性: unkown
基本描述
A software system that accepts path input in the form of internal space ('file(SPACE)name') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 41 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 41 cwe_View_ID: 699 cwe_Ordinal: Primary
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| ['Confidentiality', 'Integrity'] | ['Read Files or Directories', 'Modify Files or Directories'] |
分析过的案例
| 标识 | 说明 | 链接 |
|---|---|---|
| CVE-2000-0293 | Filenames with spaces allow arbitrary file deletion when the product does not properly quote them; some overlap with path traversal. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0293 |
| CVE-2001-1567 | "+" characters in query string converted to spaces before sensitive file/extension (internal space), leading to bypass of access restrictions to the file. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1567 |
Notes
Relationship This weakness is likely to overlap quoting problems, e.g. the "Program Files" unquoted search path (CWE-428). It also could be an equivalence issue if filtering removes all extraneous spaces. Relationship Whitespace can be a factor in other weaknesses not directly related to equivalence. It can also be used to spoof icons or hide files with dangerous names (see icon manipulation and visual truncation in CWE-451).
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | file(SPACE)name (internal space) | ||
| OWASP Top Ten 2004 | A9 | CWE More Specific | Denial of Service |
| Software Fault Patterns | SFP16 | Path Traversal |