Pathname Traversal and Equivalence Errors

ID: 21
Date: (C)2012-05-14   (M)2018-02-19
Type: category
Status: INCOMPLETE





Description

Weaknesses in this category can be used to access files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence).

Extended Description

Files, directories, and folders are so central to information technology that many different weaknesses and variants have been discovered. The manipulations generally involve special characters or sequences in pathnames, or the use of alternate references or channels.

Applicable Platforms
Language Class: All

Related Attack Patterns

Common Consequences
None

Detection Methods
None

Potential Mitigations

Phase | Strategy | Description | Effectiveness | Notes
 |  | Assume all input is malicious. Use an appropriate combination of black lists and white lists to ensure only valid and expected input is processed by the system. |  |

Relationships

Related CWE | Type | View | Chain
CWE-21 ChildOf CWE-20 | Weakness | CWE-699 |

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy | Id | Name | Fit
PLOVER |  | Pathname Traversal and Equivalence Errors |

References:
None

© SecPod Technologies