Description
The product accepts path input in the form of internal dot ('file.ordir') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Potential Impact
Confidentiality, Integrity
Read Files or Directories, Modify Files or Directories
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2025-24813 | servlet in Java-based product allows code execution via a "file.Name" internal dot |
Related Weaknesses
Taxonomy Mappings
- PLOVER: — Internal Dot - 'file.ordir'
- Software Fault Patterns: SFP16 — Path Traversal
Frequently Asked Questions
What is CWE-44?
CWE-44 (Path Equivalence: 'file.name' (Internal Dot)) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product accepts path input in the form of internal dot ('file.ordir') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system...
How can CWE-44 be exploited?
Attackers can exploit CWE-44 (Path Equivalence: 'file.name' (Internal Dot)) to read files or directories, modify files or directories. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-44?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-44?
CWE-44 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 1 real-world CVEs.