CWE-52 Individual Dictionary Definition (Draft 9)

| Field | Value |
|---|---|
| Weakness ID | 52 (Weakness Variant) |
| Status | Incomplete |
| Description (Summary) | A software system that accepts path input in the form of multiple trailing slashes ('/multiple/trailing/slash//') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
| Potential Mitigations | See the vulnerability category "Path Equivalence". |
| Observed Examples | Reference: CVE-2002-1078. Description: Directory listings in web server using multiple trailing slash |
| Relationships | |
| Source Taxonomies | PLOVER - /multiple/trailing/slash// ('multiple trailing slash') |
| Applicable Platforms | All |
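
The following is an added example, not part of the CWE entry: it shows a policy check that compares the raw path string, which treats '/admin' and '/admin//' as different resources, next to a check that canonicalizes first. The `DENIED` set, the sample paths and all function names are assumptions made for illustration.

```python
import posixpath

# Constructed policy for illustration: URL paths that must not be served.
DENIED = {"/admin", "/private/reports"}


def naive_is_denied(request_path: str) -> bool:
    """Weak form: exact string match on the raw, uncanonicalized path."""
    return request_path in DENIED


def canonicalize(request_path: str) -> str:
    """Reduce a path to one canonical spelling before any policy decision."""
    if "\x00" in request_path:
        raise ValueError("NUL byte in path")
    if not request_path.startswith("/"):
        raise ValueError("path must be absolute")
    # normpath collapses repeated and trailing slashes and resolves '.'/'..'.
    # POSIX keeps exactly two leading slashes distinct, so reduce them to one.
    return posixpath.normpath("/" + request_path.lstrip("/"))


def is_denied(request_path: str) -> bool:
    """Hardened form: match the canonical path and anything beneath it."""
    path = canonicalize(request_path)
    return any(path == d or path.startswith(d + "/") for d in DENIED)


def compare(paths):
    """Return (raw, canonical, naive verdict, hardened verdict) per path."""
    return [(p, canonicalize(p), naive_is_denied(p), is_denied(p)) for p in paths]


if __name__ == "__main__":
    # Constructed sample requests, all path-equivalent forms of the policy.
    samples = ["/admin", "/admin//", "/private/reports///", "/public//"]
    for raw, canon, naive, hardened in compare(samples):
        print(f"{raw!r:24} -> {canon!r:20} naive={naive} hardened={hardened}")
```

The code that opens the file or routes the request must use the same canonical path the check saw, otherwise the two can still disagree about which resource is meant.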