CWE-28: Path Traversal: '..\filedir'
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "..\" sequences that can resolve to a location that is outside of that directory.
常见后果
影响范围: Confidentiality Integrity
技术影响: Read Files or Directories Modify Files or Directories
潜在缓解措施
阶段: Implementation
策略: Input Validation
阶段: Implementation
策略: Input Validation
描述: Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
观察示例
参考: CVE-2002-0661
"\" not in denylist for web server, allowing path traversal attacks when the server is run in Windows and other OSes.
参考: CVE-2002-0946
Arbitrary files may be read files via ..\ (dot dot) sequences in an HTTP request.
参考: CVE-2002-1042
Directory traversal vulnerability in search engine for web server allows remote attackers to read arbitrary files via "..\" sequences in queries.
参考: CVE-2002-1209
Directory traversal vulnerability in FTP server allows remote attackers to read arbitrary files via "..\" sequences in a GET request.
参考: CVE-2002-1178
Directory traversal vulnerability in servlet allows remote attackers to execute arbitrary commands via "..\" sequences in an HTTP request.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
适用平台
编程语言
操作系统
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | '..\filename' ('dot dot backslash') | - |
| Software Fault Patterns | SFP16 | Path Traversal | - |