CWE-39: Path Traversal: 'C:dirname'
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product accepts input that contains a drive letter or Windows volume letter ('C:dirname') that potentially redirects access to an unintended location or arbitrary file.
常见后果
影响范围: Integrity Confidentiality Availability
技术影响: Execute Unauthorized Code or Commands
说明: The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.
影响范围: Integrity
技术影响: Modify Files or Directories
说明: The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication.
影响范围: Confidentiality
技术影响: Read Files or Directories
说明: The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system.
影响范围: Availability
技术影响: DoS: Crash, Exit, or Restart
说明: The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software.
潜在缓解措施
阶段: Implementation
策略: Input Validation
有效性: High
阶段: Implementation
策略: Input Validation
描述: Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
观察示例
参考: CVE-2001-0038
Remote attackers can read arbitrary files by specifying the drive letter in the requested URL.
参考: CVE-2001-0255
FTP server allows remote attackers to list arbitrary directories by using the "ls" command and including the drive letter name (e.g. C:) in the requested pathname.
参考: CVE-2001-0687
FTP server allows a remote attacker to retrieve privileged system information by specifying arbitrary paths.
参考: CVE-2001-0933
FTP server allows remote attackers to list the contents of arbitrary drives via a ls command that includes the drive letter as an argument.
参考: CVE-2002-0466
Server allows remote attackers to browse arbitrary directories via a full pathname in the arguments to certain dynamic pages.
参考: CVE-2002-1483
Remote attackers can read arbitrary files via an HTTP request whose argument is a filename of the form "C:" (Drive letter), "//absolute/path", or ".." .
参考: CVE-2004-2488
FTP server read/access arbitrary files using "C:\" filenames
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | 'C:dirname' or C: (Windows volume or 'drive letter') | - |
| CERT C Secure Coding | FIO05-C | Identify files using multiple file attributes | - |
| Software Fault Patterns | SFP16 | Path Traversal | - |