CWE-57 路径等价:'fakedir/'

admin 2021年11月4日23:16:12评论31 views字数 1736阅读5分47秒阅读模式

CWE-57 路径等价:'fakedir/'

Path Equivalence: 'fakedir/../realdir/filename'

结构: Simple

Abstraction: Variant

状态: Incomplete

被利用可能性: unkown

基本描述

The software contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../realdir/filename' that are not handled by those mechanisms. This allows attackers to perform unauthorized actions against the targeted file.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 41 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 41 cwe_View_ID: 699 cwe_Ordinal: Primary

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
['Confidentiality', 'Integrity'] ['Read Files or Directories', 'Modify Files or Directories']

可能的缓解方案

MIT-20 Implementation

策略: Input Validation

Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass whitelist validation schemes by introducing dangerous inputs after they have been checked.

分析过的案例

标识 说明 链接
CVE-2001-1152 Proxy allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1152
CVE-2000-0191 application check access for restricted URL before canonicalization https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0191
CVE-2005-1366 CGI source disclosure using "dirname/../cgi-bin" https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1366

Notes

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER dirname/fakechild/../realchild/filename
Software Fault Patterns SFP16 Path Traversal

文章来源于互联网:scap中文网

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2021年11月4日23:16:12
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   CWE-57 路径等价:'fakedir/'http://cn-sec.com/archives/613103.html

发表评论

匿名网友 填写信息