|
gptkbp:instance_of
|
gptkb:Common_Weakness_Enumeration
|
|
gptkbp:bfsLayer
|
5
|
|
gptkbp:bfsParent
|
gptkb:CWE-20
|
|
gptkbp:category
|
Path Traversal
|
|
gptkbp:countermeasures
|
Implementing access controls.
Use of absolute paths.
|
|
gptkbp:difficulty
|
gptkb:High
|
|
gptkbp:enemy
|
Web-based attacks.
|
|
gptkbp:example
|
Using '..' in a file path to navigate to parent directories.
|
|
gptkbp:has_weakness
|
gptkb:CWE-22
gptkb:CWE-36
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
CWE-23
|
|
gptkbp:impact
|
Unauthorized access to sensitive files.
|
|
gptkbp:is_described_as
|
A weakness that allows an attacker to access files and directories that are stored outside the intended directory.
|
|
gptkbp:is_protected_by
|
Validate and sanitize user input.
|
|
gptkbp:is_referenced_in
|
https://cwe.mitre.org/data/definitions/23.html
|
|
gptkbp:is_vulnerable_to
|
Web applications.
File upload services.
|
|
gptkbp:name
|
Relative Path Traversal
|
|
gptkbp:related_to
|
gptkb:CWE-200
gptkb:CWE-22
gptkb:CWE-134
gptkb:CWE-276
gptkb:CWE-28
gptkb:CWE-285
gptkb:CWE-306
gptkb:CWE-307
gptkb:CWE-36
gptkb:CWE-60
gptkb:CWE-611
gptkb:CWE-73
gptkb:CWE-775
gptkb:CWE-829
gptkb:CWE-862
gptkb:CWE-863
gptkb:CWE-864
gptkb:CWE-865
gptkb:CWE-866
gptkb:CWE-887
gptkb:CWE-888
gptkb:CWE-889
gptkb:CWE-892
gptkb:CWE-893
gptkb:CWE-894
gptkb:CWE-895
gptkb:CWE-896
gptkb:CWE-897
gptkb:CWE-898
gptkb:CWE-899
CWE-732
CWE-404
CWE-798
CWE-867
CWE-868
CWE-869
CWE-870
CWE-871
CWE-872
CWE-873
CWE-874
CWE-875
CWE-876
CWE-877
CWE-878
CWE-879
CWE-880
CWE-881
CWE-882
CWE-883
CWE-884
CWE-885
CWE-886
CWE-890
CWE-891
|