CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
Page 66 of 275

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16187 | | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16186 | — | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | 360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16185 | — | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16184 | — | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16183 | — | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16182 | | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16181 | — | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | wintiwebdev is a static file server. wintiwebdev is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16180 | | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | serverabc is a static file server. serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16178 | — | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | intsol-package is a file server. intsol-package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16177 | | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16176 | — | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | jansenstuffpleasework is a file server. jansenstuffpleasework is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16175 | — | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16174 | — | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | whispercast is a file server. whispercast is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16173 | — | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | utahcityfinder constructs lists of Utah cities with a certain prefix. utahcityfinder is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16172 | — | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | section2.madisonjbrooks12 is a simple web server. section2.madisonjbrooks12 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16171 | — | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | hcbserver is a static file server. hcbserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16170 | — | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | liuyaserver is a static file server. liuyaserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16169 | | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | looppake is a simple http server. looppake is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16168 | — | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | wffserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16167 | — | Hig | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | yyooopack is a simple file server. yyooopack is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |