CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
Page 274 of 275

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0175 | | | 0.00 | — | 0.02 | | Aug 18, 2004 | Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992. |
| CVE-2004-1354 | | | 0.00 | — | 0.04 | | May 14, 2004 | The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a… |
| CVE-2004-1991 | | | 0.00 | — | 0.03 | | May 3, 2004 | Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allows remote attackers to view arbitrary files via a .. (dot dot) in an HTTP GET request. |
| CVE-2003-0593 | | | 0.00 | — | 0.03 | | Apr 15, 2004 | Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that… |
| CVE-2003-1465 | | | 0.00 | — | 0.02 | | Dec 31, 2003 | Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files. |
| CVE-2003-1542 | | | 0.00 | — | 0.02 | | Dec 31, 2003 | Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter. |
| CVE-2003-1537 | | | 0.00 | — | 0.01 | | Dec 31, 2003 | Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php. |
| CVE-2003-1529 | | | 0.00 | — | 0.02 | | Dec 31, 2003 | Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL. |
| CVE-2003-1501 | | | 0.00 | — | 0.03 | | Dec 31, 2003 | Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter. |
| CVE-2003-1413 | | | 0.00 | — | 0.01 | | Dec 31, 2003 | parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages. |
| CVE-2003-1380 | | | 0.00 | — | 0.02 | | Dec 31, 2003 | Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command. |
| CVE-2003-1373 | | | 0.00 | — | 0.01 | | Dec 31, 2003 | Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php. |
| CVE-2003-1351 | | | 0.00 | — | 0.02 | | Dec 31, 2003 | Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter. |
| CVE-2003-1349 | | | 0.00 | — | 0.02 | | Dec 31, 2003 | Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command. |
| CVE-2003-1345 | | | 0.00 | — | 0.02 | | Dec 31, 2003 | Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter. |
| CVE-2003-1335 | | | 0.00 | — | 0.02 | | Dec 31, 2003 | Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory. |
| CVE-2002-2269 | | | 0.00 | — | 0.02 | | Dec 31, 2002 | Directory traversal vulnerability in Webster HTTP Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
| CVE-2002-2256 | | | 0.00 | — | 0.01 | | Dec 31, 2002 | Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier allows remote attackers to read arbitrary files via Unicode characters. |
| CVE-2002-2240 | | | 0.00 | — | 0.02 | | Dec 31, 2002 | Directory traversal vulnerability in MyServer 0.11 and 0.2 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP GET request. |
| CVE-2002-2238 | | | 0.00 | — | 0.01 | | Dec 31, 2002 | Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in a GET request. |