logo

CWE-52 - Path Equivalence: '/multiple/trailing/slash//'

  • Abstraction:Variant
  • Structure:Simple
  • Status:Incomplete
  • Release Date:2006-07-19
  • Latest Modification Date:2023-06-29

Weakness Name

Path Equivalence: '/multiple/trailing/slash//'

Description

The product accepts path input in the form of multiple trailing slash ('/multiple/trailing/slash//') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Common Consequences

Scope: Confidentiality, Integrity

Impact: Read Files or Directories, Modify Files or Directories

Related Weaknesses

CWE-41Improper Resolution of Path Equivalence

CWE-163Improper Neutralization of Multiple Trailing Special Elements

CWE-289Authentication Bypass by Alternate Name