Description
A software system that accepts path input in the form of multiple internal slash (‘/multiple//internal/slash/’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Modes of Introduction:
– Implementation
Related Weaknesses
CWE-41
Consequences
Confidentiality, Integrity: Read Files or Directories, Modify Files or Directories
Potential Mitigations
Phase: Implementation
Description:
Inputs should be decoded and canonicalized to the application’s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
CVE References
- CVE-2002-1483
- Read files with full pathname using multiple internal slash.
Read Time:1 Minute, 31 Second
Description
A software system that accepts path input in the form of multiple leading slash (‘//multiple/leading/slash’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Modes of Introduction:
– Implementation
Related Weaknesses
CWE-41
CWE-161
Consequences
Confidentiality, Integrity: Read Files or Directories, Modify Files or Directories
Potential Mitigations
CVE References
- CVE-2002-1483
- Read files with full pathname using multiple internal slash.
- CVE-1999-1456
- Server allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.
- CVE-2004-0578
- Server allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request.
- CVE-2002-0275
- Server allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.
- CVE-2004-1032
- Product allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters.
- CVE-2002-1238
- Server allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.
- CVE-2004-1878
- Product allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash).
- CVE-2005-1365
- Server allows remote attackers to execute arbitrary commands via a URL with multiple leading “/” (slash) characters and “..” sequences.
- CVE-2001-1072
- Bypass access restrictions via multiple leading slash, which causes a regular expression to fail.
- CVE-2004-0235
- Archive extracts to arbitrary files using multiple leading slash in filenames in the archive.
News, Advisories and much more