CWE-50

Read files with full pathname using multiple internal slash.

Server allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.

Server allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request.

Server allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.

Product allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters.

Server allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.

Product allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash).

Server allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences.

Access directory using multiple leading slash.

Bypass access restrictions via multiple leading slash, which causes a regular expression to fail.