QwikSec

Security Database

CVE

CWE

Training

CWE Database
/

CWE-43

Back to CWE list

CWE-43

Path Equivalence: 'filename....' (Multiple Trailing Dot)

Variant
Incomplete

Description

The product accepts path input in the form of multiple trailing dot ('filedir....') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Common Consequences

Scope

Confidentiality
Integrity

Impact

Read Files or Directories, Modify Files or Directories

CVE-2004-0281

Multiple trailing dot allows directory listing

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now