CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 69 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16107 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |
| CVE-2017-16106 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |
| CVE-2017-16105 | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | serverwzl is a simple http server. serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | ||
| CVE-2017-16104 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |
| CVE-2017-16103 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | serveryztyzt is a simple http server. serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |
| CVE-2017-16102 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | serverhuwenhui is a simple http server. serverhuwenhui is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |
| CVE-2017-16101 | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | ||
| CVE-2017-16097 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |
| CVE-2017-16096 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |
| CVE-2017-16095 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |
| CVE-2017-16094 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | iter-http is a server for static files. iter-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |
| CVE-2017-16093 | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||
| CVE-2017-16092 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | Sencisho is a simple http server for local development. Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |
| CVE-2017-16091 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | xtalk helps your browser talk to nodex, a simple web framework. xtalk is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |
| CVE-2017-16090 | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||
| CVE-2017-16089 | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | ||
| CVE-2017-16085 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |
| CVE-2017-16084 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 7, 2018 | list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |
| CVE-2017-16039 | — | Hig | 0.49 | 7.5 | 0.02 | Jun 4, 2018 | `hftp` is a static http or ftp server `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |
| CVE-2017-16037 | Hig | 0.49 | 7.5 | 0.02 | Jun 4, 2018 | `gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL. |
- risk 0.49cvss 7.5epss 0.02
pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- risk 0.49cvss 7.5epss 0.02
tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- risk 0.49cvss 7.5epss 0.02
serverwzl is a simple http server. serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
- risk 0.49cvss 7.5epss 0.02
citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- risk 0.49cvss 7.5epss 0.02
serveryztyzt is a simple http server. serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
- risk 0.49cvss 7.5epss 0.02
serverhuwenhui is a simple http server. serverhuwenhui is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
- risk 0.49cvss 7.5epss 0.02
serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
- risk 0.49cvss 7.5epss 0.02
tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- risk 0.49cvss 7.5epss 0.02
serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
- risk 0.49cvss 7.5epss 0.02
serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
- risk 0.49cvss 7.5epss 0.02
iter-http is a server for static files. iter-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- risk 0.49cvss 7.5epss 0.02
cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- risk 0.49cvss 7.5epss 0.02
Sencisho is a simple http server for local development. Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
- risk 0.49cvss 7.5epss 0.02
xtalk helps your browser talk to nodex, a simple web framework. xtalk is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
- risk 0.49cvss 7.5epss 0.02
fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- risk 0.49cvss 7.5epss 0.02
serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
- risk 0.49cvss 7.5epss 0.02
tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
- risk 0.49cvss 7.5epss 0.02
list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- risk 0.49cvss 7.5epss 0.02
`hftp` is a static http or ftp server `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
- risk 0.49cvss 7.5epss 0.02
`gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL.