Description
The product accepts path input in the form of multiple internal dot ('file...dir') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Potential Impact
Confidentiality, Integrity
Read Files or Directories, Modify Files or Directories
Related Weaknesses
Taxonomy Mappings
- PLOVER: — Multiple Internal Dot - 'file...dir'
- Software Fault Patterns: SFP16 — Path Traversal
Frequently Asked Questions
What is CWE-45?
CWE-45 (Path Equivalence: 'file...name' (Multiple Internal Dot)) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product accepts path input in the form of multiple internal dot ('file...dir') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the fil...
How can CWE-45 be exploited?
Attackers can exploit CWE-45 (Path Equivalence: 'file...name' (Multiple Internal Dot)) to read files or directories, modify files or directories. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-45?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-45?
CWE-45 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.