CWE-49 - Path Equivalence: 'filename/' (Trailing Slash)

CWE ID:

CWE-49

Abstraction:Variant
Structure:Simple
Status:Incomplete

Release Date:2006-07-19
Latest Modification Date:2023-10-26

Weakness Name

Path Equivalence: 'filename/' (Trailing Slash)

Description

The product accepts path input in the form of trailing slash ('filedir/') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Common Consequences

Scope: Confidentiality, Integrity

Impact: Read Files or Directories, Modify Files or Directories

Related Weaknesses

CWE-41Improper Resolution of Path Equivalence

CWE-162Improper Neutralization of Trailing Special Elements

Latest Security News

Latest CVE List

Top Alert List

CSP
Content Security Policy (CSP) Header Not Set
MediumAbsence of Anti-CSRF Tokens
MediumMissing Anti-clickjacking Header
InformationalInformation Disclosure - Suspicious Comments
LowCross-Domain JavaScript Source File Inclusion
MediumContent Security Policy (CSP) Header Not Set
LowTimestamp Disclosure - Unix
LowCSP: X-Content-Security-Policy
InformationalRe-examine Cache-control Directives

Top CWE List