Path Equivalence: 'filename....' (Multiple Trailing Dot)

Incomplete Variant

Structure: Simple

Description

The product accepts path input in the form of multiple trailing dot ('filedir....') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Common Consequences 1

Scope: ConfidentialityIntegrity

Impact: Read Files or DirectoriesModify Files or Directories

Observed Examples 1

CVE-2004-0281Multiple trailing dot allows directory listing

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Modes of Introduction

Implementation

Functional Areas

File Processing

Affected Resources

File or Directory

Related Weaknesses

ChildOf:

Path Equivalence: 'filename.' (Trailing Dot) (CWE-42)

ChildOf:

Improper Neutralization of Multiple Trailing Special Elements (CWE-163)

Taxonomy Mapping

PLOVER
Software Fault Patterns