Description

The product accepts path input in the form of trailing space ('filedir ') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Extended Description

N/A

---

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

---

Observed Examples (CVEs)

• CVE: CVE-2001-0693

  Source disclosure via trailing encoded space "%20"

• CVE: CVE-2001-0778

  Source disclosure via trailing encoded space "%20"

• CVE: CVE-2001-1248

  Source disclosure via trailing encoded space "%20"

• CVE: CVE-2004-0280

  Source disclosure via trailing encoded space "%20"

• CVE: CVE-2004-2213

  Source disclosure via trailing encoded space "%20"

• CVE: CVE-2005-0622

  Source disclosure via trailing encoded space "%20"

• CVE: CVE-2005-1656

  Source disclosure via trailing encoded space "%20"

• CVE: CVE-2002-1603

  Source disclosure via trailing encoded space "%20"

• CVE: CVE-2001-0054

  Multi-Factor Vulnerability (MFV). directory traversal and other issues in FTP server using Web encodings such as "%20"; certain manipulations have unusual side effects.

• CVE: CVE-2002-1451

  Trailing space ("+" in query string) leads to source code disclosure.

Related Attack Patterns (CAPEC)

---

Attack TTPs

Malware

APTs (Intrusion Sets)

Modes of Introduction

Phase	Note
Implementation	N/A

Common Consequences

Potential Mitigations

Applicable Platforms

• None (Not Language-Specific, Undetermined)

---

Demonstrative Examples

N/A

Notes

← Back to CWE list