CWE-35Path Traversal: '.../...//'

PUBLISHEDweakness record
released 2006-07-19 · last modified 2025-12-11
CWE-35 - Path Traversal: '.../...//' - Diagram

Metadata

CWE ID:
CWE-35
摘要:
Variant
结构:
Simple
状态:
Incomplete
发布日期:
2006-07-19
更新日期:
2025-12-11

名称

Path Traversal: '.../...//'

描述

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

常见后果

范围:
Confidentiality, Integrity
影响:
Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism
注释:
Not properly neutralizing '.../...//' (doubled triple dot slash) allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.

相关 CWE