VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Base · Stable · Likelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

  • CVE-2017-16213 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16212 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    ltt is a static file server. ltt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16211 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    lessindex is a static file server. lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16210 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16209 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16208 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16201 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16200 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16199 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16198 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    ritp is a static web server. ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ in the URL. Access is restricted to files with a file extension, so files such as /etc/passwd are not accessible.

  • CVE-2017-16197 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    qinserve is a static file server. qinserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16196 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    quickserver is a simple static file server. quickserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16195 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    pytservce is a static file server. pytservce is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16194 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    picard is a micro framework. picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16193 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16192 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16191 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16190 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16189 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16188 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    reecerver is a web server. reecerver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.