CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE - Individual Dictionary Definition (3.0)

CWE CATEGORY: SFP Secondary Cluster: Path Traversal

Category ID: 981
Status: Incomplete
Summary
This category identifies Software Fault Patterns (SFPs) within the Path Traversal cluster.
Membership

| Nature | Type | ID | Name |
|---|---|---|---|
| MemberOf | Category | 893 | SFP Primary Cluster: Path Resolution |
| HasMember | Class | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| HasMember | Base | 23 | Relative Path Traversal |
| HasMember | Variant | 24 | Path Traversal: '../filedir' |
| HasMember | Variant | 25 | Path Traversal: '/../filedir' |
| HasMember | Variant | 26 | Path Traversal: '/dir/../filename' |
| HasMember | Variant | 27 | Path Traversal: 'dir/../../filename' |
| HasMember | Variant | 28 | Path Traversal: '..\filedir' |
| HasMember | Variant | 29 | Path Traversal: '\..\filename' |
| HasMember | Variant | 30 | Path Traversal: '\dir\..\filename' |
| HasMember | Variant | 31 | Path Traversal: 'dir\..\..\filename' |
| HasMember | Variant | 32 | Path Traversal: '...' (Triple Dot) |
| HasMember | Variant | 33 | Path Traversal: '....' (Multiple Dot) |
| HasMember | Variant | 34 | Path Traversal: '....//' |
| HasMember | Variant | 35 | Path Traversal: '.../...//' |
| HasMember | Base | 36 | Absolute Path Traversal |
| HasMember | Variant | 37 | Path Traversal: '/absolute/pathname/here' |
| HasMember | Variant | 38 | Path Traversal: '\absolute\pathname\here' |
| HasMember | Variant | 39 | Path Traversal: 'C:dirname' |
| HasMember | Variant | 40 | Path Traversal: '\\UNC\share\name\' (Windows UNC Share) |
| HasMember | Base | 41 | Improper Resolution of Path Equivalence |
| HasMember | Variant | 42 | Path Equivalence: 'filename.' (Trailing Dot) |
| HasMember | Variant | 43 | Path Equivalence: 'filename....' (Multiple Trailing Dot) |
| HasMember | Variant | 44 | Path Equivalence: 'file.name' (Internal Dot) |
| HasMember | Variant | 45 | Path Equivalence: 'file...name' (Multiple Internal Dot) |
| HasMember | Variant | 46 | Path Equivalence: 'filename ' (Trailing Space) |
| HasMember | Variant | 47 | Path Equivalence: ' filename' (Leading Space) |
| HasMember | Variant | 48 | Path Equivalence: 'file name' (Internal Whitespace) |
| HasMember | Variant | 49 | Path Equivalence: 'filename/' (Trailing Slash) |
| HasMember | Variant | 50 | Path Equivalence: '//multiple/leading/slash' |
| HasMember | Variant | 51 | Path Equivalence: '/multiple//internal/slash' |
| HasMember | Variant | 52 | Path Equivalence: '/multiple/trailing/slash//' |
| HasMember | Variant | 53 | Path Equivalence: '\multiple\\internal\backslash' |
| HasMember | Variant | 54 | Path Equivalence: 'filedir\' (Trailing Backslash) |
| HasMember | Variant | 55 | Path Equivalence: '/./' (Single Dot Directory) |
| HasMember | Variant | 56 | Path Equivalence: 'filedir*' (Wildcard) |
| HasMember | Variant | 57 | Path Equivalence: 'fakedir/../realdir/filename' |
| HasMember | Variant | 58 | Path Equivalence: Windows 8.3 Filename |
| HasMember | Base | 66 | Improper Handling of File Names that Identify Virtual Resources |
| HasMember | Variant | 67 | Improper Handling of Windows Device Names |
| HasMember | Variant | 72 | Improper Handling of Apple HFS+ Alternate Data Stream Path |
| HasMember | Class | 73 | External Control of File Name or Path |
| HasMember | Base | 428 | Unquoted Search Path or Element |
| HasMember | Class | 706 | Use of Incorrectly-Resolved Name or Reference |
Content History

Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| 2014-07-29 | CWE Content Team | MITRE | |

Page Last Updated: November 14, 2017