CWE-52: CWE-52: Path Equivalence: '/multiple/trailing/slash//'

VariantStable

Description

View on MITRE
Back to CWE Lookup

Technical Details

Structure
Simple
Vulnerability Mapping
ALLOWED

Applicable To

Languages
Languages
Platforms
Languages

Frequently Asked Questions

What is CWE-52: CWE-52: Path Equivalence: '/multiple/trailing/slash//'?+

CWE-52: CWE-52: Path Equivalence: '/multiple/trailing/slash//' is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Description

What are the security consequences of CWE-52: Path Equivalence: '/multiple/trailing/slash//'?+

If exploited, CWE-52 (CWE-52: Path Equivalence: '/multiple/trailing/slash//') it can compromise Read Files or Directories and Modify Files or Directories, leading to outcomes such as Scope: Confidentiality and Integrity.

How do you prevent or mitigate CWE-52: Path Equivalence: '/multiple/trailing/slash//'?+

Recommended mitigations for CWE-52 include: Strategy: Input Validation Inputs should be decoded and canonicalized to the application's current internal representation before being validated ( CWE-180 ). Make sure that the application does not decode the same input twice ( CWE-174 ). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

Which programming languages are affected by CWE-52: Path Equivalence: '/multiple/trailing/slash//'?+

CWE-52 commonly affects Languages. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-52 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More