CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
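The definition above is abstract, so the following Python is added here as an illustration (it is not CWE or vendor code; the restricted directory `downloads` and the file names are hypothetical). It puts two inadequate approaches, a plain `os.path.join` and a filter that strips `../` once, beside a hardened join that decodes exactly once, normalises separators, rejects absolute paths, canonicalises with `realpath` and then checks containment with `commonpath`. The payload shapes it exercises are the ones that recur in the CVE list on this page: `../`, `..\`, percent-encoded dots and slashes, and the `....//` trick that defeats strip-once filters.

```python
"""CWE-22 demonstration: a naive join, a strip-once filter, and a hardened join.

Added example, not code from CWE or from any product listed on this page.
The base directory and file names are constructed for the demonstration.
"""
import ntpath
import os
import posixpath
from urllib.parse import unquote

# Hypothetical restricted directory; it does not need to exist for the checks to work.
BASE = os.path.realpath(os.path.join(os.getcwd(), "downloads"))


def naive_join(base_dir, user_path):
    """Vulnerable: '..' segments are honoured, and os.path.join discards
    base_dir altogether when user_path is absolute."""
    return os.path.normpath(os.path.join(base_dir, user_path))


def strip_filter_join(base_dir, user_path):
    """Still vulnerable: removing '../' once turns '....//' into '../',
    so the filter is bypassed by nesting the very sequence it removes."""
    return os.path.normpath(os.path.join(base_dir, user_path.replace("../", "")))


def safe_join(base_dir, user_path):
    """Hardened join. Order matters:
    1. percent-decode once; if decoding again still changes the string the
       input was double-encoded (e.g. %252e%252e) and is refused;
    2. refuse NUL bytes, which truncate paths in C-based layers;
    3. treat backslashes as separators so '..\\' cannot slip past on POSIX
       and then be reinterpreted by a Windows component downstream;
    4. refuse absolute paths under both POSIX and Windows rules;
    5. canonicalise (symlinks and '..') and require the result to be the
       base directory itself or a descendant of it. commonpath, unlike a
       startswith check, does not mistake /srv/files2 for /srv/files.
    """
    decoded = unquote(user_path)
    if unquote(decoded) != decoded:
        raise ValueError("double-encoded path rejected")
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    decoded = decoded.replace("\\", "/")
    if posixpath.isabs(decoded) or ntpath.isabs(decoded):
        raise ValueError("absolute path rejected")
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, decoded))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes base directory: %r" % user_path)
    return candidate


def escapes(base_dir, path):
    """True when a resolved path lies outside base_dir; used to show how the
    two weak joins behave on the same inputs the hardened one refuses."""
    root = os.path.realpath(base_dir)
    return os.path.commonpath([root, os.path.realpath(path)]) != root


def rejected(base_dir, user_path):
    """True when safe_join refuses the input."""
    try:
        safe_join(base_dir, user_path)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed payloads modelled on the shapes seen in the CVE descriptions below.
    payloads = [
        "reports/q1.pdf",                       # legitimate
        "sub/../report.txt",                    # '..' that stays inside the base
        "../configuration.php",                 # classic dot-dot-slash
        "..\\..\\etc\\passwd",                  # backslash separators
        "%2e%2e%2f%2e%2e%2fetc%2fpasswd",       # percent-encoded dots and slashes
        "%252e%252e/etc/passwd",                # double-encoded
        "/etc/passwd",                          # absolute path overrides the base
        "....//....//etc/passwd",               # defeats a strip-once filter
    ]
    for p in payloads:
        print("%-36s naive=%-5s strip=%-5s safe=%s" % (
            p,
            escapes(BASE, naive_join(BASE, p)),
            escapes(BASE, strip_filter_join(BASE, p)),
            "rejected" if rejected(BASE, p) else safe_join(BASE, p)))
```

Note that `....//....//etc/passwd` is accepted by `safe_join`, which is correct: after canonicalisation it names a file inside the base directory (`....` is an ordinary directory name). The point of the hardened version is that it reasons about where the path resolves rather than about which substrings it contains, which is why no list of forbidden sequences is needed. Realpath-then-check still has a time-of-check gap against a concurrently swapped symlink inside the base; for that, open the base directory once and use `os.open` with `dir_fd` and `O_NOFOLLOW`.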
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 71 of 275

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-8909 | — | High | 0.49 | 7.5 | 0.02 | — | Mar 22, 2018 | The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala. |
| CVE-2014-3626 | — | High | 0.49 | 7.5 | 0.02 | — | Mar 19, 2018 | The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the… |
| CVE-2018-6810 | — | High | 0.49 | 7.5 | 0.05 | — | Mar 6, 2018 | Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request. |
| CVE-2018-1316 | — | High | 0.49 | 7.5 | 0.03 | — | Mar 5, 2018 | The ODE process deployment web service was sensible to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files or their deletion.… |
| CVE-2018-7586 | — | High | 0.49 | 7.5 | 0.02 | — | Mar 1, 2018 | In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. |
| CVE-2017-9447 | — | High | 0.49 | 7.5 | 0.02 | — | Feb 28, 2018 | In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness… |
| CVE-2018-7482 | — | High | 0.49 | 7.5 | 0.02 | — | Feb 28, 2018 | The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname… |
| CVE-2018-1299 | — | High | 0.49 | 7.5 | 0.03 | — | Feb 6, 2018 | In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it… |
| CVE-2018-1048 | — | High | 0.49 | 7.5 | 0.02 | — | Jan 24, 2018 | It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of… |
| CVE-2018-6184 | — | High | 0.49 | 7.5 | 0.09 | — | Jan 24, 2018 | ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. |
| CVE-2015-9250 | — | High | 0.49 | 7.5 | 0.02 | — | Jan 12, 2018 | An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter. |
| CVE-2014-5068 | — | High | 0.49 | 7.5 | 0.03 | — | Jan 11, 2018 | Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name. |
| CVE-2017-17662 | — | High | 0.49 | 7.5 | 0.03 | — | Jan 10, 2018 | Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either \ or ..\ -- for… |
| CVE-2017-1671 | — | High | 0.49 | 7.5 | 0.03 | — | Jan 9, 2018 | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 133638. |
| CVE-2018-5283 | — | High | 0.49 | 7.5 | 0.02 | — | Jan 8, 2018 | The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php. |
| CVE-2018-5291 | — | High | 0.49 | 7.5 | 0.04 | — | Jan 8, 2018 | The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. |
| CVE-2018-5290 | — | High | 0.49 | 7.5 | 0.04 | — | Jan 8, 2018 | The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. |
| CVE-2018-5289 | — | High | 0.49 | 7.5 | 0.04 | — | Jan 8, 2018 | The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page. |
| CVE-2018-5287 | — | High | 0.49 | 7.5 | 0.04 | — | Jan 8, 2018 | The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page. |
| CVE-2017-1000448 | — | High | 0.49 | 7.5 | 0.02 | — | Jan 2, 2018 | Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host. |