Description
The software defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL (an alternate encoding or spelling of the same path) to bypass the authorization check.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit: High
Related Weaknesses
Consequences
Access Control: Bypass Protection Mechanism
An attacker may be able to bypass the authorization mechanism to gain access to the otherwise-protected URL.
Confidentiality: Read Files or Directories
If a non-canonical URL is used, the server may choose to return the contents of the file, instead of pre-processing the file (e.g. as a program).
Potential Mitigations
Phase: Architecture and Design
Description:
Base the access control policy on path information in canonical form. Use very restrictive regular expressions to validate that the path is in the expected form.
Phase: Architecture and Design
Description:
Reject all alternate path encodings that are not in the expected canonical form.
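The following added example (not part of the CWE entry) puts the two mitigations side by side with the weakness in the description: a naive check that applies a prefix policy to the raw path, and a hardened check that canonicalizes the path (repeated percent-decoding, dot-segment resolution, a restrictive pattern) and rejects any request whose path is not already in canonical form. The policy table, the canonical-form pattern and the sample paths are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed policy for this example: paths at or below /admin need the "admin" role.
PROTECTED = {"/admin": "admin"}
# Expected canonical form: absolute, unreserved characters only, no empty or dot
# segments, no trailing slash (bare "/" excepted).
CANONICAL_RE = re.compile(r"^/(?:[A-Za-z0-9._~-]+(?:/[A-Za-z0-9._~-]+)*)?$")

def canonicalize(raw_path: str) -> str:
    """Return the canonical form of raw_path, or raise ValueError."""
    path, decoded = raw_path, unquote(raw_path)
    while decoded != path:  # decode until stable so %252e -> %2e -> . collapses
        path, decoded = decoded, unquote(decoded)
    path = path.replace("\\", "/")  # backslash is not a separator in canonical form
    if not path.startswith("/"):
        raise ValueError("path must be absolute")
    segments = []
    for seg in path.split("/"):  # resolve "", "." and ".." segments
        if seg == "..":
            if segments:
                segments.pop()
        elif seg not in ("", "."):
            segments.append(seg)
    canonical = "/" + "/".join(segments)
    if not CANONICAL_RE.match(canonical):
        raise ValueError("path contains characters outside the canonical form")
    return canonical

def authorize_naive(raw_path: str, roles: set) -> bool:
    """Weak: the policy sees the raw path, so an encoded or dot-segment spelling
    of /admin is not recognised as protected (the weakness described above)."""
    for prefix, role in PROTECTED.items():
        if raw_path.startswith(prefix + "/"):
            return role in roles
    return True

def authorize(raw_path: str, roles: set) -> bool:
    """Hardened: reject anything not already canonical, then apply the policy."""
    try:
        path = canonicalize(raw_path)
    except ValueError:
        return False
    if path != raw_path:  # valid path spelled non-canonically: reject, do not guess
        return False
    for prefix, role in PROTECTED.items():
        if path == prefix or path.startswith(prefix + "/"):
            return role in roles
    return True
```

The server that later resolves the path will typically decode and normalize it, which is exactly why the policy must see the same canonical string the file system or handler will.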