CWE-46: Path Equivalence: 'filename ' (Trailing Space)
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product accepts path input in the form of trailing space ('filedir ') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
常见后果
影响范围: Confidentiality Integrity
技术影响: Read Files or Directories Modify Files or Directories
观察示例
参考: CVE-2001-0693
Source disclosure via trailing encoded space "%20"
参考: CVE-2001-0778
Source disclosure via trailing encoded space "%20"
参考: CVE-2001-1248
Source disclosure via trailing encoded space "%20"
参考: CVE-2004-0280
Source disclosure via trailing encoded space "%20"
参考: CVE-2004-2213
Source disclosure via trailing encoded space "%20"
参考: CVE-2005-0622
Source disclosure via trailing encoded space "%20"
参考: CVE-2005-1656
Source disclosure via trailing encoded space "%20"
参考: CVE-2002-1603
Source disclosure via trailing encoded space "%20"
参考: CVE-2001-0054
Multi-Factor Vulnerability (MFV). directory traversal and other issues in FTP server using Web encodings such as "%20"; certain manipulations have unusual side effects.
参考: CVE-2002-1451
Trailing space ("+" in query string) leads to source code disclosure.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | Trailing Space - 'filedir ' | - |
| Software Fault Patterns | SFP16 | Path Traversal | - |