VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Base · Stable · Likelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 69 of 275
  • CVE-2017-16107 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16106 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16105 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    serverwzl is a simple http server. serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

  • CVE-2017-16104 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16103 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    serveryztyzt is a simple http server. serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

  • CVE-2017-16102 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    serverhuwenhui is a simple http server. serverhuwenhui is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

  • CVE-2017-16101 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

  • CVE-2017-16097 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16096 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

  • CVE-2017-16095 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

  • CVE-2017-16094 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    iter-http is a server for static files. iter-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16093 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16092 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Sencisho is a simple http server for local development. Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

  • CVE-2017-16091 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    xtalk helps your browser talk to nodex, a simple web framework. xtalk is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

  • CVE-2017-16090 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16089 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

  • CVE-2017-16085 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

  • CVE-2017-16084 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16039 · High · Jun 4, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    `hftp` is a static http or ftp server. `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16037 · High · Jun 4, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    `gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL.