Path Equivalence: 'file...name' (Multiple Internal Dot)
Weakness ID: 45 (Weakness Variant)Status: Incomplete
+ Description

Description Summary

A software system that accepts path input in the form of multiple internal dot ('file...dir') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

All

+ Potential Mitigations

see the vulnerability category "Path Equivalence"

+ Other Notes

This variant does not have any easily findable, publicly reported vulnerabilities, but it can be an effective manipulation in weaknesses such as validate-before-cleanse, which might use a regular expression that removes ".." sequences from a string to produce an unexpected string.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness VariantWeakness Variant44Path Equivalence: 'file.name' (Internal Dot)
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfWeakness VariantWeakness Variant165Improper Sanitization of Multiple Internal Special Elements
Research Concepts1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERMultiple Internal Dot - 'file...dir'
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Other Notes, Taxonomy Mappings
2009-05-27CWE Content TeamMITREInternal
updated Relationships
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Path Issue - Multiple Internal Dot - 'file...dir'