Pathname Traversal and Equivalence Errors
Category ID: 21 (Category) | Status: Incomplete
Description Summary
Weaknesses in this category can be used to access files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence).
Extended Description
Files, directories, and folders are so central to information technology that many different weaknesses and variants have been discovered. The manipulations generally involve special characters or sequences in pathnames, or the use of alternate references or channels.
Assume all input is malicious. Use an appropriate combination of black lists and white lists to ensure only valid and expected input is processed by the system.
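
One way to apply this validation to pathnames, as an added example that is not part of the original entry: canonicalize the requested path first, then require that the result still lies under the restricted directory. The names `resolve_inside`, `RESERVED` and `demo`, the directory layout and the sample inputs are all constructed for illustration, and the device-name list is an assumption that covers only the common Windows names.

```python
import os
import tempfile

# Windows device names (virtual resources); illustrative, not exhaustive.
RESERVED = {"con", "prn", "aux", "nul"} | {
    f"{dev}{n}" for dev in ("com", "lpt") for n in range(1, 10)}

def resolve_inside(base_dir, user_path):
    """Return the canonical path of user_path under base_dir or raise ValueError."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    if os.path.isabs(user_path):
        raise ValueError("absolute path")
    for part in user_path.replace("\\", "/").split("/"):
        # "NUL.txt" and "nul" name the same device on Windows.
        if part.split(".")[0].strip().lower() in RESERVED:
            raise ValueError("reserved device name")
    base = os.path.realpath(base_dir)
    # realpath collapses "..", "." and "//" and follows symbolic links,
    # so the containment check runs on the file that would really be opened.
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("escapes base directory")
    return target

def demo():
    """Run constructed sample inputs against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "uploads")
        os.makedirs(os.path.join(base, "docs"))
        secret = os.path.join(root, "secret.txt")
        for path in (secret, os.path.join(base, "docs", "a.txt")):
            open(path, "w").close()
        os.symlink(secret, os.path.join(base, "link"))  # link leaving base
        samples = ["docs/a.txt", "docs//./a.txt", "../secret.txt",
                   "docs/../../secret.txt", "link", "/etc/passwd", "docs/NUL.txt"]
        for p in samples:
            try:
                full = resolve_inside(base, p)
                results[p] = os.path.relpath(full, os.path.realpath(base))
            except ValueError as exc:
                results[p] = str(exc)
    return results

if __name__ == "__main__":
    for sample, outcome in demo().items():
        print(f"{sample!r:28} -> {outcome}")
```

The check and the later file open are separate steps, so where other principals can modify the directory, a link can still be swapped in between them.
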
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Class | 20 | Improper Input Validation | Development Concepts (primary) 699 |
ParentOf | Weakness Class | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Development Concepts (primary) 699 |
ParentOf | Weakness Base | 41 | Improper Resolution of Path Equivalence | Development Concepts (primary) 699 |
ParentOf | Weakness Base | 59 | Improper Link Resolution Before File Access ('Link Following') | Development Concepts (primary) 699 |
ParentOf | Weakness Base | 66 | Improper Handling of File Names that Identify Virtual Resources | Development Concepts (primary) 699 |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | | | Pathname Traversal and Equivalence Errors |