
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Base · Stable · Likelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 67 of 275
  • CVE-2017-16166 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    byucslabsix is an http server. byucslabsix is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16165 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    calmquist.static-server is a static file server. calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16164 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    desafio is a simple web server. desafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url, but is limited to accessing only .html files.

  • CVE-2017-16163 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    dylmomo is a simple file server. dylmomo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16162 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    22lixian is a simple file server. 22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16161 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    shenliru is a simple file server. shenliru is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16160 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    11xiaoli is a simple file server. 11xiaoli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16159 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    caolilinode is a simple file server. caolilinode is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16158 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    dcserver is a static file server. dcserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16157 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    censorify.tanisjr is a simple web server and API RESTful service. censorify.tanisjr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16156 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    myprolyz is a static file server. myprolyz is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16155 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16154 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    earlybird is a web server module for early development. earlybird is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16152 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16150 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16149 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    zwserver is a weather web server. zwserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16148 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    serve46 is a static file server. serve46 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16147 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    shit-server is a file server. shit-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16146 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    mockserve is a file server. mockserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16145 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    sspa is a server dedicated to single-page apps. sspa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.