CWE-647Use of Non-Canonical URL Paths for Authorization Decisions

PUBLISHEDweakness recordHigh
released 2008-01-30 · last modified 2025-12-11

Metadata

CWE ID:
CWE-647
摘要:
Variant
结构:
Simple
状态:
Incomplete
发布日期:
2008-01-30
更新日期:
2025-12-11

名称

Use of Non-Canonical URL Paths for Authorization Decisions

描述

The product defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass the authorization.

If an application defines policy namespaces and makes authorization decisions based on the URL, but it does not require or convert to a canonical URL before making the authorization decision, then it opens the application to attack. For example, if the application only wants to allow access to http://www.example.com/mypage, then the attacker might be able to bypass this restriction using equivalent URLs such as: Therefore it is important to specify access control policy that is based on the path information in some canonical form with all alternate encodings rejected (which can be accomplished by a default deny rule).

常见后果

范围:
Access Control
影响:
Bypass Protection Mechanism
注释:
An attacker may be able to bypass the authorization mechanism to gain access to the otherwise-protected URL.
范围:
Confidentiality
影响:
Read Files or Directories
注释:
If a non-canonical URL is used, the server may choose to return the contents of the file, instead of pre-processing the file (e.g. as a program).

相关 CWE