The software contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../realdir/filename' that are not handled by those mechanisms. This allows attackers to perform unauthorized actions against the targeted file.
Time of Introduction
Technical Impact: Read files or
directories; Modify files or
Proxy allows remote attackers to bypass blacklist
restrictions and connect to unauthorized web servers by modifying the
requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the
desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass whitelist validation schemes by introducing dangerous inputs after they have been checked.