SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 144

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 145

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

CVE-2008-5518 describes multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows that allow remote attackers to upload files to arbitrary directories.

Related Guidelines

The CERT C Secure Coding Standard

FIO02-C. Canonicalize path names originating from untrusted sources

The CERT C++ Secure Coding Standard

FIO02-CPP. Canonicalize path names originating from untrusted sources

ISO/IEC TR 24772:2013

Path Traversal [EWR]

MITRE CWE

CWE-171, Cleansing, canonicalization, and comparison errors
CWE-647, Use of non-canonical URL paths for authorization decisions

...