The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.
View on MITREPath equivalence is usually employed in order to circumvent access controls expressed using an incomplete set of file name or file path representations. This is different from path traversal, wherein the manipulations are performed to generate a name for a different object.
An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism than an attacker may be able to bypass the mechanism.
No mitigation information available for this CWE.
According to SOAR [REF-1479], the following detection techniques may be useful: Highly cost effective: Focused Manual Spotcheck - Focused manual analysis of source Manual Source Code Review (not inspections)
According to SOAR [REF-1479], the following detection techniques may be useful: Highly cost effective: Formal Methods / Correct-By-Construction Cost effective for partial coverage: Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)
"+" characters in query string converted to spaces before sensitive file/extension (internal space), leading to bypass of access restrictions to the file.
View DetailsApplication server allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
View DetailsWeb server allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.
View DetailsDirectory traversal vulnerability in server allows remote attackers to read protected files via .. (dot dot) sequences in an HTTP request.
View DetailsServer allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.
View DetailsServer allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request.
View DetailsServer allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.
View DetailsProduct allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters.
View DetailsServer allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.
View DetailsProduct allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash).
View DetailsServer allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences.
View DetailsBypass access restrictions via multiple leading slash, which causes a regular expression to fail.
View DetailsArchive extracts to arbitrary files using multiple leading slash in filenames in the archive.
View DetailsASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
View DetailsServer allows remote attackers to read source code for executable files by inserting a . (dot) into the URL.
View DetailsServer allows remote attackers to read password-protected files via a /./ in the HTTP request.
View DetailsServer allows remote attackers to view password protected files via /./ in the URL.
View DetailsProxy allows remote attackers to bypass denylist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.
View DetailsMultiple web servers allow restriction bypass using 8.3 names instead of long names
View DetailsMulti-Factor Vulnerability. Product generates temporary filenames using long filenames, which become predictable in 8.3 format.
View DetailsNo relationship information available for this CWE.
CWE-41: Improper Resolution of Path Equivalence is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. Path equivalence is usually employed in order to circumvent access controls expressed using an incomplete set of file name or file path representations. This is different from path traversal, wherein the manipulations are performed to generate a name for a different object.
If exploited, CWE-41 (Improper Resolution of Path Equivalence) it can compromise Confidentiality, Integrity and Access Control, leading to outcomes such as Read Files or Directories, Modify Files or Directories and Bypass Protection Mechanism.
CWE-41 can be detected using Manual Static Analysis - Source Code and Architecture or Design Review. Combining automated tooling with manual review typically yields the best coverage.
CWE-41 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-41, including CVE-2000-1114, CVE-2002-1986, CVE-2004-2213, CVE-2005-3293 and CVE-2004-0061. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-41 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.