Path Equivalence: 'filename/' (Trailing Slash)
Weakness ID: 49 (Weakness Variant)Status: Incomplete
+ Description

Description Summary

A software system that accepts path input in the form of trailing slash ('filedir/') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
+ Time of Introduction
  • Implementation
  • Operation
+ Applicable Platforms

Languages

All

+ Observed Examples
ReferenceDescription
CVE-2002-0253Overlaps infoleak
CVE-2004-1101Failure to handle filename request with trailing "/" causes multiple consequences, including server crash and a Visual Basic error message that enables XSS and information leak.
CVE-2001-0446
CVE-2004-0334Bypass Basic Authentication for files using trailing "/"
CVE-2001-0893Read sensitive files with trailing "/"
CVE-2001-0892
CVE-2004-1814
BID:3518
+ Potential Mitigations

see the vulnerability category "Path Equivalence"

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base41Improper Resolution of Path Equivalence
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfWeakness VariantWeakness Variant162Improper Sanitization of Trailing Special Elements
Research Concepts1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERfiledir/ (trailing slash, trailing /)
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Taxonomy Mappings
2008-11-24CWE Content TeamMITREInternal
updated Observed Examples
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Path Issue - Trailing Slash - filedir/
Back to top