[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78764

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Pathname Traversal and Equivalence Errors

ID: 21Date: (C)2012-05-14   (M)2016-11-29
Type: categoryStatus: INCOMPLETE





Description

Weaknesses in this category can be used to access files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence).

Extended Description

Files, directories, and folders are so central to information technology that many different weaknesses and variants have been discovered. The manipulations generally involve special characters or sequences in pathnames, or the use of alternate references or channels.

Applicable Platforms
Language Class: All

Related Attack Patterns

Common Consequences
None

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
  Assume all input is malicious. Use an appropriate combination of black lists and white lists to ensure only valid and expected input is processed by the system.
 
  

Relationships

Related CWETypeViewChain
CWE-21 ChildOf CWE-20 Weakness CWE-699  

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
PLOVER  Pathname Traversal and Equivalence Errors
 
 

References:
None

© 2013 SecPod Technologies