Description
The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.
Path equivalence is usually employed in order to circumvent access controls expressed using an incomplete set of file name or file path representations. This is different from path traversal, wherein the manipulations are performed to generate a name for a different object.
Potential Impact
Confidentiality, Integrity, Access Control
Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism
Mitigations & Prevention
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across relat
Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Detection Methods
- Automated Static Analysis - Binary or Bytecode SOAR Partial — According to SOAR [REF-1479], the following detection techniques may be useful:
- Manual Static Analysis - Binary or Bytecode SOAR Partial — According to SOAR [REF-1479], the following detection techniques may be useful:
- Dynamic Analysis with Automated Results Interpretation SOAR Partial — According to SOAR [REF-1479], the following detection techniques may be useful:
- Dynamic Analysis with Manual Results Interpretation SOAR Partial — According to SOAR [REF-1479], the following detection techniques may be useful:
- Manual Static Analysis - Source Code High — According to SOAR [REF-1479], the following detection techniques may be useful:
- Automated Static Analysis - Source Code SOAR Partial — According to SOAR [REF-1479], the following detection techniques may be useful:
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2000-1114 | Source code disclosure using trailing dot |
| CVE-2002-1986 | Source code disclosure using trailing dot |
| CVE-2004-2213 | Source code disclosure using trailing dot or trailing encoding space "%20" |
| CVE-2005-3293 | Source code disclosure using trailing dot |
| CVE-2004-0061 | Bypass directory access restrictions using trailing dot in URL |
| CVE-2000-1133 | Bypass directory access restrictions using trailing dot in URL |
| CVE-2001-1386 | Bypass check for ".lnk" extension using ".lnk." |
| CVE-2001-0693 | Source disclosure via trailing encoded space "%20" |
| CVE-2001-0778 | Source disclosure via trailing encoded space "%20" |
| CVE-2001-1248 | Source disclosure via trailing encoded space "%20" |
| CVE-2004-0280 | Source disclosure via trailing encoded space "%20" |
| CVE-2005-0622 | Source disclosure via trailing encoded space "%20" |
| CVE-2005-1656 | Source disclosure via trailing encoded space "%20" |
| CVE-2002-1603 | Source disclosure via trailing encoded space "%20" |
| CVE-2001-0054 | Multi-Factor Vulnerability (MFV). directory traversal and other issues in FTP server using Web encodings such as "%20"; certain manipulations have unusual side effects. |
Showing 15 of 50 observed examples.
Related Weaknesses
Taxonomy Mappings
- PLOVER: — Path Equivalence
- CERT C Secure Coding: FIO02-C — Canonicalize path names originating from untrusted sources
Frequently Asked Questions
What is CWE-41?
CWE-41 (Improper Resolution of Path Equivalence) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations...
How can CWE-41 be exploited?
Attackers can exploit CWE-41 (Improper Resolution of Path Equivalence) to read files or directories, modify files or directories, bypass protection mechanism. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-41?
Key mitigations include: Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not stric
What is the severity of CWE-41?
CWE-41 is classified as a Base-level weakness (Medium abstraction). It has been observed in 50 real-world CVEs.