QwikSec

Security Database

CVE

CWE

Training

Back to CWE list

CWE-46

Path Equivalence: 'filename ' (Trailing Space)

Variant

Incomplete

Description

The product accepts path input in the form of trailing space ('filedir ') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Parent Weaknesses (ChildOf)

CWE-162: Improper Neutralization of Tra...

CWE-41: Improper Resolution of Path Eq...

Related Weaknesses

CWE-289 (CanPrecede)

Common Consequences

Scope

Confidentiality

Integrity

Impact

Read Files or Directories, Modify Files or Directories

CVE-2001-0693

Source disclosure via trailing encoded space "%20"

CVE-2001-0778

Source disclosure via trailing encoded space "%20"

CVE-2001-1248

Source disclosure via trailing encoded space "%20"

CVE-2004-0280

Source disclosure via trailing encoded space "%20"

CVE-2004-2213

Source disclosure via trailing encoded space "%20"

CVE-2005-0622

Source disclosure via trailing encoded space "%20"

CVE-2005-1656

Source disclosure via trailing encoded space "%20"

CVE-2002-1603

Source disclosure via trailing encoded space "%20"

CVE-2001-0054

Multi-Factor Vulnerability (MFV). directory traversal and other issues in FTP server using Web encodings such as "%20"; certain manipulations have unusual side effects.

CVE-2002-1451

Trailing space ("+" in query string) leads to source code disclosure.

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.