CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 137 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16473 | — | Med | 0.35 | 5.3 | 0.01 | Nov 6, 2018 | A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files. | |
| CVE-2018-16457 | Med | 0.35 | 5.3 | 0.02 | Oct 4, 2018 | PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory. | ||
| CVE-2018-16549 | Med | 0.35 | 5.3 | 0.03 | Sep 5, 2018 | HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter. | ||
| CVE-2017-1749 | Med | 0.35 | 5.3 | 0.02 | Aug 13, 2018 | IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522. | ||
| CVE-2018-14927 | Med | 0.35 | 5.3 | 0.01 | Aug 3, 2018 | Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp. | ||
| CVE-2018-13034 | — | Med | 0.35 | 5.3 | 0.02 | Jul 9, 2018 | Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via "..%f" sequences. | |
| CVE-2018-3715 | — | Med | 0.35 | 6.5 | 0.01 | Jun 7, 2018 | glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. | |
| CVE-2018-3713 | — | Med | 0.35 | 6.5 | 0.01 | Jun 7, 2018 | angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. | |
| CVE-2018-3712 | Med | 0.35 | 6.5 | 0.02 | Jun 7, 2018 | serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path. | ||
| CVE-2017-16222 | Med | 0.35 | 5.3 | 0.02 | Jun 7, 2018 | elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limited to files with a file extension. Sending a GET request to… | ||
| CVE-2017-16179 | — | Med | 0.35 | 5.3 | 0.02 | Jun 7, 2018 | dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. File access is restricted to only .html files. | |
| CVE-2017-16109 | — | Med | 0.35 | 5.3 | 0.02 | Jun 7, 2018 | easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Access is constrained, however, to supported file types. Requesting a file such as /etc/passwd returns a "not… | |
| CVE-2016-10561 | — | Med | 0.35 | 5.3 | 0.01 | May 31, 2018 | Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests. | |
| CVE-2017-2594 | — | Med | 0.35 | 5.4 | 0.02 | May 8, 2018 | hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root. | |
| CVE-2018-8003 | Med | 0.35 | 5.3 | 0.04 | May 3, 2018 | Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the… | ||
| CVE-2018-9921 | Med | 0.35 | 5.3 | 0.01 | Apr 23, 2018 | In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an… | ||
| CVE-2018-9117 | Med | 0.35 | 5.3 | 0.03 | Mar 29, 2018 | WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal. | ||
| CVE-2018-1000083 | Med | 0.35 | 5.3 | 0.01 | Mar 13, 2018 | Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that… | ||
| CVE-2018-0525 | Med | 0.35 | 5.3 | 0.03 | Mar 9, 2018 | Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | ||
| CVE-2017-16922 | Med | 0.35 | 5.3 | 0.01 | Mar 5, 2018 | In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request. |
- risk 0.35cvss 5.3epss 0.01
A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files.
- risk 0.35cvss 5.3epss 0.02
PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory.
- risk 0.35cvss 5.3epss 0.03
HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter.
- risk 0.35cvss 5.3epss 0.02
IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522.
- risk 0.35cvss 5.3epss 0.01
Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp.
- risk 0.35cvss 5.3epss 0.02
Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via "..%f" sequences.
- risk 0.35cvss 6.5epss 0.01
glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.
- risk 0.35cvss 6.5epss 0.01
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.
- risk 0.35cvss 6.5epss 0.02
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.
- risk 0.35cvss 5.3epss 0.02
elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limited to files with a file extension. Sending a GET request to…
- risk 0.35cvss 5.3epss 0.02
dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. File access is restricted to only .html files.
- risk 0.35cvss 5.3epss 0.02
easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Access is constrained, however, to supported file types. Requesting a file such as /etc/passwd returns a "not…
- risk 0.35cvss 5.3epss 0.01
Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests.
- risk 0.35cvss 5.4epss 0.02
hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.
- risk 0.35cvss 5.3epss 0.04
Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the…
- risk 0.35cvss 5.3epss 0.01
In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an…
- risk 0.35cvss 5.3epss 0.03
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal.
- risk 0.35cvss 5.3epss 0.01
Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that…
- risk 0.35cvss 5.3epss 0.03
Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
- risk 0.35cvss 5.3epss 0.01
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request.