|
Status: Incomplete Category ID: 21 (Category)Description Summary Files, directories, and folders are so central to information technology that many different weaknesses and variants have been discovered. The manipulations generally involve special characters or sequences in pathnames, or the use of alternate references or channels. They can be used to access files outside of a restricted directory (path traversal or link following) or to access files that are otherwise protected (path equivalence). Potential Mitigations Assume all input is malicious. Use an appropriate combination of black lists and white lists to ensure only valid and expected input is processed by the system. Relationships
Taxonomy Mappings
Applicable Platforms Languages All Related Attack Patterns
Content History Submissions PLOVER. (Externally Mined) Modifications CWE Content Team. MITRE. 2008-09-08. (Internal) updated Relationships, Taxonomy_Mappings, Type |
|
|
|||