CWE-42: Path Equivalence: 'filename.' (Trailing Dot)

Description

The product accepts path input in the form of trailing dot ('filedir.') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Extended Description

N/A

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

CVE: CVE-2000-1114

Source code disclosure using trailing dot
CVE: CVE-2002-1986

Source code disclosure using trailing dot
CVE: CVE-2004-2213

Source code disclosure using trailing dot
CVE: CVE-2005-3293

Source code disclosure using trailing dot
CVE: CVE-2004-0061

Bypass directory access restrictions using trailing dot in URL
CVE: CVE-2000-1133

Bypass directory access restrictions using trailing dot in URL
CVE: CVE-2001-1386

Bypass check for ".lnk" extension using ".lnk."

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	N/A

Common Consequences

Impact: Bypass Protection Mechanism — Notes:

Potential Mitigations

None listed.

Applicable Platforms

None (Not Language-Specific, Undetermined)

Demonstrative Examples

N/A

Notes

No notes available.

← Back to CWE list