CWE-981: SFP Secondary Cluster: Path Traversal
ID
CWE-981
Status
Incomplete
This category identifies Software Fault Patterns (SFPs) within the Path Traversal cluster (SFP16).
Relationships
| View | Weakness | ||||||
|---|---|---|---|---|---|---|---|
| # ID | Name | # ID | Name | Abstraction | Structure | Status | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Base | Simple | Stable | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-23 | Relative Path Traversal | Base | Simple | Draft | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-24 | Path Traversal: '../filedir' | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-25 | Path Traversal: '/../filedir' | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-26 | Path Traversal: '/dir/../filename' | Variant | Simple | Draft | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-27 | Path Traversal: 'dir/../../filename' | Variant | Simple | Draft | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-28 | Path Traversal: '..\filedir' | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-29 | Path Traversal: '\..\filename' | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-30 | Path Traversal: '\dir\..\filename' | Variant | Simple | Draft | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-31 | Path Traversal: 'dir\..\..\filename' | Variant | Simple | Draft | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-32 | Path Traversal: '...' (Triple Dot) | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-33 | Path Traversal: '....' (Multiple Dot) | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-34 | Path Traversal: '....//' | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-35 | Path Traversal: '.../...//' | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-36 | Absolute Path Traversal | Base | Simple | Draft | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-37 | Path Traversal: '/absolute/pathname/here' | Variant | Simple | Draft | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-38 | Path Traversal: '\absolute\pathname\here' | Variant | Simple | Draft | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-39 | Path Traversal: 'C:dirname' | Variant | Simple | Draft | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-40 | Path Traversal: '\\UNC\share\name\' (Windows UNC Share) | Variant | Simple | Draft | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-41 | Improper Resolution of Path Equivalence | Base | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-42 | Path Equivalence: 'filename.' (Trailing Dot) | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-428 | Unquoted Search Path or Element | Base | Simple | Draft | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-43 | Path Equivalence: 'filename....' (Multiple Trailing Dot) | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-44 | Path Equivalence: 'file.name' (Internal Dot) | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-45 | Path Equivalence: 'file...name' (Multiple Internal Dot) | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-46 | Path Equivalence: 'filename ' (Trailing Space) | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-47 | Path Equivalence: ' filename' (Leading Space) | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-48 | Path Equivalence: 'file name' (Internal Whitespace) | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-49 | Path Equivalence: 'filename/' (Trailing Slash) | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-50 | Path Equivalence: '//multiple/leading/slash' | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-51 | Path Equivalence: '/multiple//internal/slash' | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-52 | Path Equivalence: '/multiple/trailing/slash//' | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-53 | Path Equivalence: '\multiple\\internal\backslash' | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-54 | Path Equivalence: 'filedir\' (Trailing Backslash) | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-55 | Path Equivalence: '/./' (Single Dot Directory) | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-56 | Path Equivalence: 'filedir*' (Wildcard) | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-57 | Path Equivalence: 'fakedir/../realdir/filename' | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-58 | Path Equivalence: Windows 8.3 Filename | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-66 | Improper Handling of File Names that Identify Virtual Resources | Base | Simple | Draft | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-67 | Improper Handling of Windows Device Names | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-706 | Use of Incorrectly-Resolved Name or Reference | Class | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-72 | Improper Handling of Apple HFS+ Alternate Data Stream Path | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-73 | External Control of File Name or Path | Base | Simple | Draft | |
Loading...