Path Equivalence: 'filename ' (Trailing Space)
Weakness ID: 46 (Weakness Variant)
Status: Incomplete
+ Description

Description Summary

A software system that accepts path input with a trailing space ('filedir ') without appropriate validation can resolve the path ambiguously, allowing an attacker to traverse the file system to unintended locations or access arbitrary files.
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

All

+ Observed Examples
Reference | Description
CVE-2001-0693 | Source disclosure via trailing encoded space "%20"
CVE-2001-0778 | Source disclosure via trailing encoded space "%20"
CVE-2001-1248 | Source disclosure via trailing encoded space "%20"
CVE-2004-0280 | Source disclosure via trailing encoded space "%20"
CVE-2004-2213 | Source disclosure via trailing encoded space "%20"
CVE-2005-0622 | Source disclosure via trailing encoded space "%20"
CVE-2005-1656 | Source disclosure via trailing encoded space "%20"
CVE-2002-1603 | Source disclosure via trailing encoded space "%20"
CVE-2001-0054 | Multi-Factor Vulnerability (MVF). Directory traversal and other issues in FTP server using Web encodings such as "%20"; certain manipulations have unusual side effects.
CVE-2002-1451 | Trailing space ("+" in query string) leads to source code disclosure.
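
The pattern behind the description and the source-disclosure entries above, as an added example that is not part of the CWE entry: a suffix check on the raw request string misses 'name%20', while a check that decodes once and refuses trailing spaces does not. The function names, the extension list and the sample paths are assumptions made for illustration.

```python
from urllib.parse import unquote, unquote_plus

# Assumed handler mapping: these extensions are executed, anything else is sent as-is.
SCRIPT_EXTENSIONS = (".php", ".jsp", ".asp")


def policy(name):
    """Decide how a resource name is handled, based on its extension."""
    return "execute" if name.lower().endswith(SCRIPT_EXTENSIONS) else "serve_static"


def naive_action(raw_path):
    """Weak form: suffix check on the raw request string, before any decoding."""
    return policy(raw_path)


def hardened_action(raw_path, plus_is_space=False):
    """Decode once, refuse any path segment ending in a space, then apply policy."""
    decoded = unquote_plus(raw_path) if plus_is_space else unquote(raw_path)
    for segment in decoded.split("/"):
        if segment != segment.rstrip(" "):
            # 'name ' and 'name' may resolve to the same file on some platforms,
            # so the request is refused instead of being silently trimmed.
            return "reject"
    return policy(decoded)


# Constructed sample requests (not taken from any of the CVEs listed above).
# The second field says whether "+" should be decoded as a space (query-string form).
SAMPLES = [
    ("/app/login.php", False),
    ("/app/login.php%20", False),
    ("/app/login.php+", True),
    ("/app%20/login.php", False),
    ("/img/logo.png", False),
]

if __name__ == "__main__":
    for raw, plus in SAMPLES:
        print(f"{raw!r:24} naive={naive_action(raw):13} "
              f"hardened={hardened_action(raw, plus)}")
```

Rejecting instead of trimming keeps the name the policy check saw identical to the name later opened on disk.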
+ Potential Mitigations

See the vulnerability category "Path Equivalence".

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Base | 41 | Improper Resolution of Path Equivalence | Development Concepts (primary) 699; Research Concepts (primary) 1000
ChildOf | Weakness Variant | 162 | Improper Sanitization of Trailing Special Elements | Research Concepts 1000
CanPrecede | Weakness Variant | 289 | Authentication Bypass by Alternate Name | Research Concepts 1000
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER |  |  | Trailing Space - 'filedir '
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
 | PLOVER |  | Externally Mined
Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Eric Dalci | Cigital | External
  updated Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal
  updated Relationships, Taxonomy Mappings
Previous Entry Names
Change Date | Previous Entry Name
2008-04-11 | Path Issue - Trailing Space - 'filedir '