CWE - CWE-36: Absolute Path Traversal (Draft 9)

Home > CWE List > CWE-36 Individual Dictionary Definition (Draft 9)

CWE-36 Individual Dictionary Definition (Draft 9)

Weakness ID

Status: Draft

36 (Weakness Base)

Description

Summary

The software, when constructing file or directory names from input, does not properly sanitize absolute path sequences such as "/path/here."

Potential Mitigations

see "Path Traversal" (CWE-22)

Relationships

Nature	Type	ID	Name
ChildOf	Weakness Class	22	Path Traversal
ParentOf	Weakness Variant	37	Path Traversal: '/absolute/pathname/here'
ParentOf	Weakness Variant	38	Path Traversal: '\absolute\pathname\here'
ParentOf	Weakness Variant	39	Path Traversal: 'C:dirname'
ParentOf	Weakness Variant	40	Path Traversal: '\\UNC\share\name\' (Windows UNC Share)

Source Taxonomies

PLOVER - Absolute Path Traversal

Applicable Platforms

All

Page Last Updated: April 22, 2008


	CWE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us