CWE-48

Path Equivalence: 'file name' (Internal Whitespace)

Variant

Incomplete

Description

The product accepts path input in the form of internal space ('file(SPACE)name') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Parent Weaknesses (ChildOf)

CWE-41: Improper Resolution of Path Eq...

Common Consequences

Scope

Confidentiality

Integrity

Impact

Read Files or Directories, Modify Files or Directories

CVE-2000-0293

Filenames with spaces allow arbitrary file deletion when the product does not properly quote them; some overlap with path traversal.

CVE-2001-1567

"+" characters in query string converted to spaces before sensitive file/extension (internal space), leading to bypass of access restrictions to the file.

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CWE-48

Path Equivalence: 'file name' (Internal Whitespace)

Description

Relationships

Common Consequences

Related CVEs

Applicable Platforms