VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 137 of 275
  • CVE-2018-16473MedNov 6, 2018
    risk 0.35cvss 5.3epss 0.01

    A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files.

  • CVE-2018-16457MedOct 4, 2018
    risk 0.35cvss 5.3epss 0.02

    PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory.

  • CVE-2018-16549MedSep 5, 2018
    risk 0.35cvss 5.3epss 0.03

    HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter.

  • CVE-2017-1749MedAug 13, 2018
    risk 0.35cvss 5.3epss 0.02

    IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522.

  • CVE-2018-14927MedAug 3, 2018
    risk 0.35cvss 5.3epss 0.01

    Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp.

  • CVE-2018-13034MedJul 9, 2018
    risk 0.35cvss 5.3epss 0.02

    Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via "..%f" sequences.

  • CVE-2018-3715MedJun 7, 2018
    risk 0.35cvss 6.5epss 0.01

    glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.

  • CVE-2018-3713MedJun 7, 2018
    risk 0.35cvss 6.5epss 0.01

    angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.

  • CVE-2018-3712MedJun 7, 2018
    risk 0.35cvss 6.5epss 0.02

    serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.

  • CVE-2017-16222MedJun 7, 2018
    risk 0.35cvss 5.3epss 0.02

    elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limited to files with a file extension. Sending a GET request to…

  • CVE-2017-16179MedJun 7, 2018
    risk 0.35cvss 5.3epss 0.02

    dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. File access is restricted to only .html files.

  • CVE-2017-16109MedJun 7, 2018
    risk 0.35cvss 5.3epss 0.02

    easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Access is constrained, however, to supported file types. Requesting a file such as /etc/passwd returns a "not…

  • CVE-2016-10561MedMay 31, 2018
    risk 0.35cvss 5.3epss 0.01

    Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests.

  • CVE-2017-2594MedMay 8, 2018
    risk 0.35cvss 5.4epss 0.02

    hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.

  • CVE-2018-8003MedMay 3, 2018
    risk 0.35cvss 5.3epss 0.04

    Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the…

  • CVE-2018-9921MedApr 23, 2018
    risk 0.35cvss 5.3epss 0.01

    In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an…

  • CVE-2018-9117MedMar 29, 2018
    risk 0.35cvss 5.3epss 0.03

    WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal.

  • CVE-2018-1000083MedMar 13, 2018
    risk 0.35cvss 5.3epss 0.01

    Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that…

  • CVE-2018-0525MedMar 9, 2018
    risk 0.35cvss 5.3epss 0.03

    Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2017-16922MedMar 5, 2018
    risk 0.35cvss 5.3epss 0.01

    In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request.