CWE-57 1 CVEs MITRE definition ↗

CWE-57: Path Equivalence: 'fakedir/../realdir/filename'

Overview

CWE-57 (Path Equivalence: 'fakedir/../realdir/filename') documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../realdir/filename' that are not handled by those mechanisms. This allows attackers to perform unauthorized actions against the targeted file.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language Not Language-Specific Undetermined
technology Not Technology-Specific Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2024-34995 2024-05-24 svnWebUI v1.8.3 was discovered to contain an arbitrary file deletion vulnerability via the dirTemps parameter under com.cym.controller.UserController#importOver. This vulnerability allows attackers to…

Previous names

  • Path Issue - dirname/fakechild/../realchild/filename (2008-04-11)
  • Path Equivalence: 'dirname/fakechild/../realchild/filename' (2008-10-14)

Content submission

Name
PLOVER
Date
2006-07-19
Version
Draft 3

Content modifications

Date Name Version Importance Comment
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Other_Notes, Taxonomy_Mappings
2008-10-14 CWE Content Team 1.0.1 updated Description, Name, Observed_Examples, Other_Notes, Theoretical_Notes
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Observed_Examples, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms
2020-02-24 CWE Content Team 4.0 updated Relationships
2020-06-25 CWE Content Team 4.1 updated Observed_Examples, Potential_Mitigations
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-09-09 CWE Content Team 4.18 updated Affected_Resources, Functional_Areas
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Weakness_Ordinalities
cvelogic Threat Intelligence