CWE-42

Path Equivalence: 'filename.' (Trailing Dot)

Variant

Incomplete

Description

The product accepts path input in the form of trailing dot ('filedir.') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Parent Weaknesses (ChildOf)

CWE-162: Improper Neutralization of Tra...

CWE-41: Improper Resolution of Path Eq...

Common Consequences

Scope

Access Control

Impact

Bypass Protection Mechanism

CVE-2000-1114

Source code disclosure using trailing dot

CVE-2002-1986

Source code disclosure using trailing dot

CVE-2004-2213

Source code disclosure using trailing dot

CVE-2005-3293

Source code disclosure using trailing dot

CVE-2004-0061

Bypass directory access restrictions using trailing dot in URL

CVE-2000-1133

Bypass directory access restrictions using trailing dot in URL

CVE-2001-1386

Bypass check for ".lnk" extension using ".lnk."

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CWE-42

Path Equivalence: 'filename.' (Trailing Dot)

Description

Relationships

Common Consequences

Related CVEs

Applicable Platforms