CWE-42: Path Equivalence: 'filename.' (Trailing Dot)
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product accepts path input in the form of trailing dot ('filedir.') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
常见后果
影响范围: Access Control
技术影响: Bypass Protection Mechanism
观察示例
参考: CVE-2000-1114
Source code disclosure using trailing dot
参考: CVE-2002-1986
Source code disclosure using trailing dot
参考: CVE-2004-2213
Source code disclosure using trailing dot
参考: CVE-2005-3293
Source code disclosure using trailing dot
参考: CVE-2004-0061
Bypass directory access restrictions using trailing dot in URL
参考: CVE-2000-1133
Bypass directory access restrictions using trailing dot in URL
参考: CVE-2001-1386
Bypass check for ".lnk" extension using ".lnk."
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | Trailing Dot - 'filedir.' | - |
| Software Fault Patterns | SFP16 | Path Traversal | - |