logo

Path Equivalence: 'filename ' (Trailing Space)

Incomplete Variant
Structure: Simple
Description

The product accepts path input in the form of trailing space ('filedir ') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Common Consequences 1
Scope: ConfidentialityIntegrity

Impact: Read Files or DirectoriesModify Files or Directories
Observed Examples 10
CVE-2001-0693Source disclosure via trailing encoded space "%20"
CVE-2001-0778Source disclosure via trailing encoded space "%20"
CVE-2001-1248Source disclosure via trailing encoded space "%20"
CVE-2004-0280Source disclosure via trailing encoded space "%20"
CVE-2004-2213Source disclosure via trailing encoded space "%20"
CVE-2005-0622Source disclosure via trailing encoded space "%20"
CVE-2005-1656Source disclosure via trailing encoded space "%20"
CVE-2002-1603Source disclosure via trailing encoded space "%20"
CVE-2001-0054Multi-Factor Vulnerability (MFV). directory traversal and other issues in FTP server using Web encodings such as "%20"; certain manipulations have unusual side effects.
CVE-2002-1451Trailing space ("+" in query string) leads to source code disclosure.
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Implementation
Related Attack Patterns
Functional Areas
  1. File Processing
Affected Resources
  1. File or Directory
Related Weaknesses
ChildOf: Improper Resolution of Path Equivalence (CWE-41)
ChildOf: Improper Neutralization of Trailing Special Elements (CWE-162)
CanPrecede: Authentication Bypass by Alternate Name (CWE-289)
Taxonomy Mapping
  • PLOVER
  • Software Fault Patterns