Description
The product accepts path input in the form of multiple trailing dot ('filedir....') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Potential Impact
Confidentiality, Integrity
Read Files or Directories, Modify Files or Directories
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2004-0281 | Multiple trailing dot allows directory listing |
Related Weaknesses
Taxonomy Mappings
- PLOVER: — Multiple Trailing Dot - 'filedir....'
- Software Fault Patterns: SFP16 — Path Traversal
Frequently Asked Questions
What is CWE-43?
CWE-43 (Path Equivalence: 'filename....' (Multiple Trailing Dot)) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product accepts path input in the form of multiple trailing dot ('filedir....') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the fi...
How can CWE-43 be exploited?
Attackers can exploit CWE-43 (Path Equivalence: 'filename....' (Multiple Trailing Dot)) to read files or directories, modify files or directories. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-43?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-43?
CWE-43 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 1 real-world CVEs.