CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE- Individual Dictionary Definition (2.6)

CWE-893: SFP Cluster: Path Resolution

 
Category ID: 893 (Category)
Status: Incomplete
Description

Description Summary

This category identifies Software Fault Patterns (SFPs) within the Path Resolution cluster.

Relationships

| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ParentOf | Weakness Class | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 23 | Relative Path Traversal | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 24 | Path Traversal: '../filedir' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 25 | Path Traversal: '/../filedir' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 26 | Path Traversal: '/dir/../filename' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 27 | Path Traversal: 'dir/../../filename' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 28 | Path Traversal: '..\filedir' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 29 | Path Traversal: '\..\filename' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 30 | Path Traversal: '\dir\..\filename' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 31 | Path Traversal: 'dir\..\..\filename' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 32 | Path Traversal: '...' (Triple Dot) | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 33 | Path Traversal: '....' (Multiple Dot) | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 34 | Path Traversal: '....//' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 35 | Path Traversal: '.../...//' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 36 | Absolute Path Traversal | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 37 | Path Traversal: '/absolute/pathname/here' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 38 | Path Traversal: '\absolute\pathname\here' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 39 | Path Traversal: 'C:dirname' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 40 | Path Traversal: '\\UNC\share\name\' (Windows UNC Share) | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 41 | Improper Resolution of Path Equivalence | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 42 | Path Equivalence: 'filename.' (Trailing Dot) | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 43 | Path Equivalence: 'filename....' (Multiple Trailing Dot) | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 44 | Path Equivalence: 'file.name' (Internal Dot) | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 45 | Path Equivalence: 'file...name' (Multiple Internal Dot) | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 46 | Path Equivalence: 'filename ' (Trailing Space) | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 47 | Path Equivalence: ' filename' (Leading Space) | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 48 | Path Equivalence: 'file name' (Internal Whitespace) | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 49 | Path Equivalence: 'filename/' (Trailing Slash) | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 50 | Path Equivalence: '//multiple/leading/slash' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 51 | Path Equivalence: '/multiple//internal/slash' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 52 | Path Equivalence: '/multiple/trailing/slash//' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 53 | Path Equivalence: '\multiple\\internal\backslash' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 54 | Path Equivalence: 'filedir\' (Trailing Backslash) | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 55 | Path Equivalence: '/./' (Single Dot Directory) | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 56 | Path Equivalence: 'filedir*' (Wildcard) | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 57 | Path Equivalence: 'fakedir/../realdir/filename' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 58 | Path Equivalence: Windows 8.3 Filename | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 59 | Improper Link Resolution Before File Access ('Link Following') | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 62 | UNIX Hard Link | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 64 | Windows Shortcut Following (.LNK) | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 65 | Windows Hard Link | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 66 | Improper Handling of File Names that Identify Virtual Resources | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 67 | Improper Handling of Windows Device Names | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 71 | Apple '.DS_Store' | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 72 | Improper Handling of Apple HFS+ Alternate Data Stream Path | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Class | 73 | External Control of File Name or Path | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 243 | Creation of chroot Jail Without Changing Working Directory | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 386 | Symbolic Name not Mapping to Correct Object | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 428 | Unquoted Search Path or Element | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Class | 610 | Externally Controlled Reference to a Resource in Another Sphere | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Class | 706 | Use of Incorrectly-Resolved Name or Reference | Software Fault Pattern (SFP) Clusters (primary) 888 |
| MemberOf | View | 888 | Software Fault Pattern (SFP) Clusters | Software Fault Pattern (SFP) Clusters (primary) 888 |

Content History

Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| 2012-03-22 | | | Internal CWE Team |

Modifications

| Modification Date | Modifier | Organization | Source |
|---|---|---|---|
| 2013-07-17 | CWE Content Team | MITRE | Internal |

2013-07-17 modification: updated Related_Attack_Patterns

Page Last Updated: February 18, 2014