VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Base · Stable · Likelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

  • CVE-2017-16187 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16186 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16185 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16184 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16183 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16182 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16181 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    wintiwebdev is a static file server. wintiwebdev is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16180 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    serverabc is a static file server. serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16178 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    intsol-package is a file server. intsol-package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16177 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16176 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    jansenstuffpleasework is a file server. jansenstuffpleasework is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16175 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16174 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    whispercast is a file server. whispercast is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16173 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    utahcityfinder constructs lists of Utah cities with a certain prefix. utahcityfinder is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16172 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    section2.madisonjbrooks12 is a simple web server. section2.madisonjbrooks12 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16171 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    hcbserver is a static file server. hcbserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16170 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    liuyaserver is a static file server. liuyaserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16169 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    looppake is a simple http server. looppake is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16168 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    wffserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16167 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    yyooopack is a simple file server. yyooopack is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.