CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.11)  
ID

CWE CATEGORY: SFP Secondary Cluster: Path Traversal

Category ID: 981
Status: Incomplete
+ Description

Description Summary

This category identifies Software Fault Patterns (SFPs) within the Path Traversal cluster.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory893SFP Primary Cluster: Path Resolution
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness ClassWeakness Class22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base23Relative Path Traversal
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant24Path Traversal: '../filedir'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant25Path Traversal: '/../filedir'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant26Path Traversal: '/dir/../filename'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant27Path Traversal: 'dir/../../filename'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant28Path Traversal: '..\filedir'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant29Path Traversal: '\..\filename'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant30Path Traversal: '\dir\..\filename'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant31Path Traversal: 'dir\..\..\filename'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant32Path Traversal: '...' (Triple Dot)
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant33Path Traversal: '....' (Multiple Dot)
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant34Path Traversal: '....//'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant35Path Traversal: '.../...//'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base36Absolute Path Traversal
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant37Path Traversal: '/absolute/pathname/here'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant38Path Traversal: '\absolute\pathname\here'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant39Path Traversal: 'C:dirname'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant40Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base41Improper Resolution of Path Equivalence
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant42Path Equivalence: 'filename.' (Trailing Dot)
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant43Path Equivalence: 'filename....' (Multiple Trailing Dot)
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant44Path Equivalence: 'file.name' (Internal Dot)
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant45Path Equivalence: 'file...name' (Multiple Internal Dot)
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant46Path Equivalence: 'filename ' (Trailing Space)
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant47Path Equivalence: ' filename' (Leading Space)
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant48Path Equivalence: 'file name' (Internal Whitespace)
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant49Path Equivalence: 'filename/' (Trailing Slash)
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant50Path Equivalence: '//multiple/leading/slash'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant51Path Equivalence: '/multiple//internal/slash'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant52Path Equivalence: '/multiple/trailing/slash//'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant53Path Equivalence: '\multiple\\internal\backslash'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant54Path Equivalence: 'filedir\' (Trailing Backslash)
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant55Path Equivalence: '/./' (Single Dot Directory)
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant56Path Equivalence: 'filedir*' (Wildcard)
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant57Path Equivalence: 'fakedir/../realdir/filename'
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant58Path Equivalence: Windows 8.3 Filename
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base66Improper Handling of File Names that Identify Virtual Resources
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant67Improper Handling of Windows Device Names
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant72Improper Handling of Apple HFS+ Alternate Data Stream Path
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness ClassWeakness Class73External Control of File Name or Path
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base428Unquoted Search Path or Element
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness ClassWeakness Class706Use of Incorrectly-Resolved Name or Reference
Software Fault Pattern (SFP) Clusters (primary)888
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
2014-07-29Internal CWE Team

More information is available — Please select a different filter.
Page Last Updated: May 05, 2017