Absolute Path Traversal
Weakness ID: 36 (Weakness Base) | Status: Draft
Description Summary
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly sanitize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
Extended Description
This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
Example 1
In the example below, the path to a dictionary file is read from a system property and used to initialize a File object.
(Bad Code)
Example Language: Java
```java
import java.io.File;

// The property value is used as-is, so an absolute path such as "/etc/passwd" is accepted unchanged.
String filename = System.getProperty("com.domain.application.dictionaryFile");
File dictionaryFile = new File(filename);
```
However, the path is not sanitized before creating the File object. This allows anyone who can control the system property to determine what file is used. Ideally, the path should be resolved relative to some kind of application or user home directory.
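As an added example (not part of the CWE entry), the hardened counterpart of the snippet above: the property value is resolved against an assumed application data directory (`/opt/app/data`, a placeholder) and rejected whenever the normalized result leaves that directory, which is exactly what an absolute value like `/abs/path` does.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class DictionaryPathCheck {

    // Assumed application data directory; the dictionary must live under it.
    static final Path BASE_DIR = Paths.get("/opt/app/data").toAbsolutePath().normalize();

    // Confines an untrusted path to BASE_DIR. An absolute value such as
    // "/etc/passwd" makes BASE_DIR.resolve() return the value unchanged, and
    // "../" sequences are collapsed by normalize(); both cases fail the
    // component-wise startsWith check (so "/opt/app/data2" does not pass either).
    static Path resolveDictionary(String untrusted) throws IOException {
        if (untrusted == null || untrusted.isEmpty()) {
            throw new IOException("dictionary path not set");
        }
        Path candidate = BASE_DIR.resolve(untrusted).normalize();
        if (!candidate.startsWith(BASE_DIR)) {
            throw new IOException("path escapes " + BASE_DIR + ": " + untrusted);
        }
        // normalize() does not follow symlinks; for a file that already exists,
        // repeat the check on candidate.toRealPath() if symlinks under BASE_DIR
        // are a concern.
        return candidate;
    }

    public static void main(String[] args) {
        // Same property name as in the CWE example; constructed sample values
        // are used when the property is not set.
        String fromProperty = System.getProperty("com.domain.application.dictionaryFile");
        String[] samples = fromProperty != null
                ? new String[] { fromProperty }
                : new String[] { "words.txt", "sub/words.txt", "/etc/passwd", "../../etc/passwd" };
        for (String s : samples) {
            try {
                System.out.println(s + " -> allowed: " + resolveDictionary(s));
            } catch (IOException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

With the constructed samples, the two relative names are accepted under the base directory and the absolute and `../` values are rejected.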
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
ParentOf | | 37 | Path Traversal: '/absolute/pathname/here' | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
ParentOf | | 38 | Path Traversal: '\absolute\pathname\here' | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
ParentOf | | 39 | Path Traversal: 'C:dirname' | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
ParentOf | | 40 | Path Traversal: '\\UNC\share\name\' (Windows UNC Share) | Development Concepts (primary) 699, Research Concepts (primary) 1000 |
Submissions
Submission Date | Submitter | Organization | Source |
---|---|---|---|
 | PLOVER | | Externally Mined |
Modifications
Modification Date | Modifier | Organization | Source | Description |
---|---|---|---|---|
2008-07-01 | Sean Eidemiller | Cigital | External | added/updated demonstrative examples |
2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships, Taxonomy Mappings |
2008-10-14 | CWE Content Team | MITRE | Internal | updated Description |