CWE-43: Path Equivalence: 'filename....' (Multiple Trailing Dot)

Variant Incomplete Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

The product accepts path input in the form of multiple trailing dot ('filedir....') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

常见后果

影响范围: Confidentiality Integrity

技术影响: Read Files or Directories Modify Files or Directories

观察示例

参考: CVE-2004-0281

Multiple trailing dot allows directory listing

引入模式

阶段 说明
Implementation -

适用平台

编程语言
Not Language-Specific (Undetermined)

分类映射

分类名称 条目ID 条目名称 映射适配度
PLOVER - Multiple Trailing Dot - 'filedir....' -
Software Fault Patterns SFP16 Path Traversal -
关键信息

CWE ID: CWE-43

抽象级别: Variant

结构: Simple

状态: Incomplete

相关弱点
ChildOf CWE-42

Path Equivalence: 'filename.' (Trailing Dot)

Variant
ChildOf CWE-163

Improper Neutralization of Multiple Trailing Special Elements

Variant
返回列表