CWE-44: Path Equivalence: 'file.name' (Internal Dot)
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product accepts path input in the form of internal dot ('file.ordir') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
常见后果
影响范围: Confidentiality Integrity
技术影响: Read Files or Directories Modify Files or Directories
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | Internal Dot - 'file.ordir' | - |
| Software Fault Patterns | SFP16 | Path Traversal | - |