1. Home
  2. CWE Database
  3. CWE-46
Variant · Low-Medium

CWE-46: Path Equivalence: 'filename ' (Trailing Space)

The product accepts path input in the form of trailing space ('filedir ') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system...

CWE-46 · Variant Level ·10 CVEs

Description

The product accepts path input in the form of trailing space ('filedir ') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Potential Impact

Confidentiality, Integrity

Read Files or Directories, Modify Files or Directories

Real-World CVE Examples

CVE IDDescription
CVE-2001-0693Source disclosure via trailing encoded space "%20"
CVE-2001-0778Source disclosure via trailing encoded space "%20"
CVE-2001-1248Source disclosure via trailing encoded space "%20"
CVE-2004-0280Source disclosure via trailing encoded space "%20"
CVE-2004-2213Source disclosure via trailing encoded space "%20"
CVE-2005-0622Source disclosure via trailing encoded space "%20"
CVE-2005-1656Source disclosure via trailing encoded space "%20"
CVE-2002-1603Source disclosure via trailing encoded space "%20"
CVE-2001-0054Multi-Factor Vulnerability (MFV). directory traversal and other issues in FTP server using Web encodings such as "%20"; certain manipulations have unusual side effects.
CVE-2002-1451Trailing space ("+" in query string) leads to source code disclosure.

CWE-41: Improper Resolution of Path Equivalence

The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use...

CWE-162: Improper Neutralization of Trailing Special Elements

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes trailing sp...

CWE-289: Authentication Bypass by Alternate Name

The product performs authentication based on the name of a resource being accessed, or the name of the actor performing ...

Taxonomy Mappings

  • PLOVER: — Trailing Space - 'filedir '
  • Software Fault Patterns: SFP16 — Path Traversal

Frequently Asked Questions

What is CWE-46?

CWE-46 (Path Equivalence: 'filename ' (Trailing Space)) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product accepts path input in the form of trailing space ('filedir ') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system...

How can CWE-46 be exploited?

Attackers can exploit CWE-46 (Path Equivalence: 'filename ' (Trailing Space)) to read files or directories, modify files or directories. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-46?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-46?

CWE-46 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 10 real-world CVEs.