CWE-46 Individual Dictionary Definition (Draft 9)

| Field | Value |
|---|---|
| Weakness ID | 46 (Weakness Variant) |
| Status | Incomplete |
| Description | Summary: A software system that accepts path input with a trailing space ('filedir ') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
| Potential Mitigations | See the vulnerability category "Path Equivalence". |

Observed Examples

| Reference | Description |
|---|---|
| CVE-2001-0693 | Source disclosure via trailing encoded space "%20" |
| CVE-2001-0778 | Source disclosure via trailing encoded space "%20" |
| CVE-2001-1248 | Source disclosure via trailing encoded space "%20" |
| CVE-2004-0280 | Source disclosure via trailing encoded space "%20" |
| CVE-2004-2213 | Source disclosure via trailing encoded space "%20" |
| CVE-2005-0622 | Source disclosure via trailing encoded space "%20" |
| CVE-2005-1656 | Source disclosure via trailing encoded space "%20" |
| CVE-2002-1603 | Source disclosure via trailing encoded space "%20" |
| CVE-2001-0054 | Multi-Factor Vulnerability (MFV). Directory traversal and other issues in FTP server using Web encodings such as "%20"; certain manipulations have unusual side effects. |
| CVE-2002-1451 | Trailing space ("+" in query string) leads to source code disclosure. |

| Field | Value |
|---|---|
| Relationships | |
| Source Taxonomies | PLOVER - Trailing Space - 'filedir ' |
| Applicable Platforms | All |
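The following is an added example, not part of the CWE entry. It shows the path ambiguity from the description and a validation step that removes it. An extension check on the path as sent sees "index.php " as a non-script, while a file API that drops trailing spaces (as Win32 path handling does) would open index.php and serve its source. The handler map, function names and sample requests are assumptions made for the illustration.

```python
import posixpath
from urllib.parse import unquote, unquote_plus

# Constructed handler map: extensions the server executes instead of serving.
SCRIPT_EXTENSIONS = {".php", ".jsp", ".asp"}


class AmbiguousPath(ValueError):
    """Raised when a decoded path has a segment ending in whitespace."""


def is_script_naive(raw_path: str) -> bool:
    """Weak check: tests the extension of the decoded path exactly as sent."""
    ext = posixpath.splitext(unquote(raw_path))[1]
    return ext.lower() in SCRIPT_EXTENSIONS


def canonical_request_path(raw_path: str, from_query: bool = False) -> str:
    """Decode once, then refuse any path segment that ends in whitespace.

    from_query=True also treats "+" as a space, as query strings do.
    """
    decoded = unquote_plus(raw_path) if from_query else unquote(raw_path)
    for segment in decoded.split("/"):
        if segment != segment.rstrip():
            raise AmbiguousPath(f"trailing whitespace in segment {segment!r}")
    return decoded


def is_script(raw_path: str, from_query: bool = False) -> bool:
    """Hardened check: classify only paths that passed canonicalization."""
    path = canonical_request_path(raw_path, from_query)
    return posixpath.splitext(path)[1].lower() in SCRIPT_EXTENSIONS


if __name__ == "__main__":
    # Constructed sample requests.
    for raw, q in [("/app/index.php", False), ("/app/index.php%20", False),
                   ("/app/index.php+", True), ("/docs%20/readme.txt", False)]:
        try:
            print(raw, "naive:", is_script_naive(raw), "hardened:", is_script(raw, q))
        except AmbiguousPath as exc:
            print(raw, "naive:", is_script_naive(raw), "rejected:", exc)
```

Rejecting the request is stricter than silently trimming the space: it keeps the name the check saw identical to the name the file system opens.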