CWE-46 - Path Equivalence: 'filename ' (Trailing Space)

CWE ID:

CWE-46

Abstraction:Variant
Structure:Simple
Status:Incomplete

Release Date:2006-07-19
Latest Modification Date:2023-10-26

Weakness Name

Path Equivalence: 'filename ' (Trailing Space)

Description

The product accepts path input in the form of trailing space ('filedir ') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Common Consequences

Scope: Confidentiality, Integrity

Impact: Read Files or Directories, Modify Files or Directories

Related Weaknesses

CWE-41Improper Resolution of Path Equivalence

CWE-162Improper Neutralization of Trailing Special Elements

CWE-289Authentication Bypass by Alternate Name

Latest Security News

Latest CVE List

Common Alerts

HighLog4Shell (CVE-2021-45046)
InformationalInformation Disclosure - Suspicious Comments
InformationalContent-Type Header Empty
MediumSession ID in URL Rewrite
MediumHTTP Only Site
LowStrict-Transport-Security Missing Max-Age (Non-compliant with Spec)
MediumX-Frame-Options Defined via META (Non-compliant with Spec)
MediumApplication Error Disclosure via WebSockets
HighViewstate without MAC Signature (Sure)
MediumReferer Exposes Session ID

Common CWEs