CWE-57 路径等价:'fakedir/'

Path Equivalence: 'fakedir/../realdir/filename'

结构: Simple

Abstraction: Variant

状态: Incomplete

被利用可能性: unkown

基本描述

The software contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../realdir/filename' that are not handled by those mechanisms. This allows attackers to perform unauthorized actions against the targeted file.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 41 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 41 cwe_View_ID: 699 cwe_Ordinal: Primary

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
['Confidentiality', 'Integrity'] ['Read Files or Directories', 'Modify Files or Directories']

可能的缓解方案

MIT-20 Implementation

策略: Input Validation

Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass whitelist validation schemes by introducing dangerous inputs after they have been checked.

分析过的案例

标识 说明 链接
CVE-2001-1152 Proxy allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1152
CVE-2000-0191 application check access for restricted URL before canonicalization https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0191
CVE-2005-1366 CGI source disclosure using "dirname/../cgi-bin" https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1366

Notes

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER dirname/fakechild/../realchild/filename
Software Fault Patterns SFP16 Path Traversal