Variant · Low-Medium

CWE-57: Path Equivalence: 'fakedir/../realdir/filename'

The product contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../realdir/filename' that are not handled...

CWE-57 · Variant Level · 3 CVEs · 1 Mitigation

Description

The product contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../realdir/filename' that are not handled by those mechanisms. This allows attackers to perform unauthorized actions against the targeted file.

Potential Impact

Confidentiality, Integrity

Read Files or Directories, Modify Files or Directories

Mitigations & Prevention

Implementation

Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
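As an added illustration of the mitigation above (example code, not part of the CWE entry), the following Python places the CWE-57 pattern beside its fix: the naive check validates the raw external input, while the corrected check decodes once and normalizes the path before applying the same rule. DOC_ROOT, PROTECTED_PREFIX and the file names are constructed assumptions.

```python
import posixpath
from urllib.parse import unquote

# Constructed example: the server serves files under DOC_ROOT and is
# required to deny access to anything under "realdir/".
DOC_ROOT = "/srv/www"
PROTECTED_PREFIX = "realdir/"


def is_protected_naive(requested: str) -> bool:
    """Flawed check (the CWE-57 pattern): it inspects the raw input.
    'fakedir/../realdir/filename' does not start with 'realdir/', so the
    check passes even though the filesystem resolves it to realdir/filename."""
    return requested.startswith(PROTECTED_PREFIX)


def canonicalize(requested: str) -> str:
    """Decode exactly once (CWE-174), then collapse '.', '..' and repeated
    slashes (CWE-180) so the path is in the form the access rule expects.
    Anchoring at '/' before normpath keeps '..' from climbing above root."""
    decoded = unquote(requested)                     # single decode pass only
    normalized = posixpath.normpath("/" + decoded)   # 'a/../b' -> '/b', '//' -> '/'
    return normalized.lstrip("/")


def is_protected_canonical(requested: str) -> bool:
    """Correct check: canonicalize first, then apply the same prefix rule."""
    return canonicalize(requested).startswith(PROTECTED_PREFIX)


def resolve_request(requested: str):
    """Full flow: canonicalize, enforce the restriction, then build the path.
    Returns the absolute filesystem path, or None when access is denied."""
    canonical = canonicalize(requested)
    if canonical.startswith(PROTECTED_PREFIX):
        return None
    return posixpath.join(DOC_ROOT, canonical)


if __name__ == "__main__":
    probe = "fakedir/../realdir/filename"
    print("naive check flags it:    ", is_protected_naive(probe))      # False
    print("canonical check flags it:", is_protected_canonical(probe))  # True
```

Because decoding happens exactly once, a doubly encoded segment such as `%252e%252e` stays literal after canonicalization and is neither treated as `..` nor silently turned into a valid path.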

Real-World CVE Examples

CVE ID          Description
CVE-2001-1152   Proxy allows remote attackers to bypass denylist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desi
CVE-2000-0191   Application checks access for a restricted URL before canonicalization.
CVE-2005-1366   CGI source disclosure using "dirname/../cgi-bin".

Taxonomy Mappings

  • PLOVER — dirname/fakechild/../realchild/filename
  • Software Fault Patterns: SFP16 — Path Traversal

Frequently Asked Questions

What is CWE-57?

CWE-57 (Path Equivalence: 'fakedir/../realdir/filename') is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../realdir/filename' that are not handled...

How can CWE-57 be exploited?

Attackers can exploit CWE-57 (Path Equivalence: 'fakedir/../realdir/filename') to read or modify files or directories that the protection mechanism was meant to restrict. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-57?

Key mitigations include: Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (C

What is the severity of CWE-57?

CWE-57 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 3 real-world CVEs.