Path Equivalence: '/./' (Single Dot Directory)
Weakness ID: 55 (Weakness Variant)Status: Incomplete
+ Description

Description Summary

A software system that accepts path input in the form of single dot directory exploit ('/./') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

All

+ Observed Examples
ReferenceDescription
CVE-2000-0004
CVE-2002-0304
BID:6042
CVE-1999-1083Possibly (could be a cleansing error)
CVE-2004-0815"/./////etc" cleansed to ".///etc" then "/etc"
CVE-2002-0112
+ Potential Mitigations

see the vulnerability category "Path Equivalence"

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base41Improper Resolution of Path Equivalence
Development Concepts (primary)699
Research Concepts (primary)1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVER/./ (single dot directory)
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Taxonomy Mappings
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Path Issue - Single Dot Directory - /./
Back to top