CWE-28 2 件の CVE MITRE の定義 ↗

CWE-28: Path Traversal: '..\filedir'

概要

CWE-28(Path Traversal: '..\filedir')は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響
セキュリティ影響:製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "..\" sequences that can resolve to a location that is outside of that directory.

適用プラットフォーム

種別 名称 クラス 普遍性 OS / CPE
language Not Language-Specific Undetermined
operating_system Windows Undetermined
technology Not Technology-Specific Undetermined

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE 公開 概要
CVE-2024-27810 2024-05-14 A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. …
CVE-2023-2059 2023-04-14 A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/select_templets.php. The manipula…

旧名称

  • Path Issue - Dot Dot Backslash - '..\filename' (2008-04-11)
  • Path Traversal: '..\filename' (2008-10-14)

コンテンツ投稿

名称
PLOVER
日付
2006-07-19
バージョン
Draft 3

コンテンツの変更履歴

日付 名称 バージョン 重要度 コメント
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Taxonomy_Mappings
2008-10-14 CWE Content Team 1.0.1 updated Applicable_Platforms, Description, Name
2008-11-24 CWE Content Team 1.1 updated Observed_Examples
2009-07-27 CWE Content Team 1.5 updated Potential_Mitigations
2010-06-21 CWE Content Team 1.9 updated Description, Potential_Mitigations
2011-03-29 CWE Content Team 1.12 updated Potential_Mitigations
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Observed_Examples, Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms
2020-02-24 CWE Content Team 4.0 updated Potential_Mitigations, Relationships
2020-06-25 CWE Content Team 4.1 updated Observed_Examples, Potential_Mitigations
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-09-09 CWE Content Team 4.18 updated Affected_Resources, Functional_Areas
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Detection_Factors, Weakness_Ordinalities
cvelogic Threat Intelligence