CWE-39 1 CVEs MITRE definition ↗

CWE-39: Path Traversal: 'C:dirname'

Overview

CWE-39 (Path Traversal: 'C:dirname') documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product accepts input that contains a drive letter or Windows volume letter ('C:dirname') that potentially redirects access to an unintended location or arbitrary file.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language Not Language-Specific Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2017-16609 2018-01-22 This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. Th…

Previous names

  • Path Issue - Drive Letter or Windows Volume - 'C:dirname' (2008-04-11)

Content submission

Name
PLOVER
Date
2006-07-19
Version
Draft 3

Content modifications

Date Name Version Importance Comment
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Taxonomy_Mappings
2008-11-24 CWE Content Team 1.1 updated Relationships, Taxonomy_Mappings
2009-07-27 CWE Content Team 1.5 updated Potential_Mitigations
2010-06-21 CWE Content Team 1.9 updated Potential_Mitigations
2011-03-29 CWE Content Team 1.12 updated Potential_Mitigations
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Common_Consequences, Observed_Examples, Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Taxonomy_Mappings
2020-02-24 CWE Content Team 4.0 updated Potential_Mitigations, Relationships
2020-06-25 CWE Content Team 4.1 updated Potential_Mitigations
2021-03-15 CWE Content Team 4.4 updated Potential_Mitigations
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-09-09 CWE Content Team 4.18 updated Affected_Resources, Functional_Areas
2025-12-11 CWE Content Team 4.19 updated Detection_Factors, Weakness_Ordinalities
cvelogic Threat Intelligence