...
Using path names from untrusted sources without first canonicalizing them and then validating them can result in directory traversal and ath path equivalence vulnerabilities.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
IDS02-J | medium | unlikely | medium | P4 | L3 |
Related Vulnerabilities
Related Guidelines
FIO02-C. Canonicalize path names originating from untrusted sources | |
FIO02-CPP. Canonicalize path names originating from untrusted sources |
Related Vulnerabilities
| ||||
| ||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="bc3f99d3d480dbdd-87e39c78-45ac4869-a16b9762-574164cec1b2cc4e2b8fe300"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE ID 171 | http://cwe.mitre.org/data/definitions/171.html] "Cleansing, Canonicalization, and Comparison Errors"]]></ac:plain-text-body></ac:structured-macro> |
| CWE ID 647 "Use of Non-Canonical URL Paths for Authorization Decisions" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d07c9ebb59402e1c-8a6a3222-4c644c3d-a34eafb0-ebba821a90928666e4a0c0d7"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | [method getCanonicalPath() | http://java.sun.com/javase/6/docs/api/java/io/File.html#getCanonicalPath()] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d92136632489a973-82884792-42314092-8d67a094-f3f3967e00b9c29231e2fed4"><ac:plain-text-body><![CDATA[ | [[Harold 1999 | AA. Bibliography#Harold 99]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
...