MITRE の Common Weakness Enumeration(CWE)に沿って弱点タイプを体系的に探索します。各エントリには標準化された定義・説明・対応する CVE 件数があり、現実のリスク分析に使えます。
| CWE | 名称 | 概要 |
|---|---|---|
| CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors | This category has been deprecated. It was originally used for organizing weaknesses involving file names, which enabled access to files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence). Cons… |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to reso… |
| CWE-23 | Relative Path Traversal | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
| CWE-24 | Path Traversal: '../filedir' | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory. |
| CWE-25 | Path Traversal: '/../filedir' | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/../" sequences that can resolve to a location that is outside of that directory. |
| CWE-26 | Path Traversal: '/dir/../filename' | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences that can resolve to a location that is outside of that directory. |
| CWE-27 | Path Traversal: 'dir/../../filename' | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal "../" sequences that can resolve to a location that is outside of that directory. |
| CWE-28 | Path Traversal: '..\filedir' | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "..\" sequences that can resolve to a location that is outside of that directory. |
| CWE-29 | Path Traversal: '\..\filename' | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory. |
| CWE-30 | Path Traversal: '\dir\..\filename' | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\dir\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory. |
| CWE-31 | Path Traversal: 'dir\..\..\filename' | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize 'dir\..\..\filename' (multiple internal backslash dot dot) sequences that can resolve to a location that is outside of that directory. |
| CWE-32 | Path Traversal: '...' (Triple Dot) | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '...' (triple dot) sequences that can resolve to a location that is outside of that directory. |
| CWE-33 | Path Traversal: '....' (Multiple Dot) | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....' (multiple dot) sequences that can resolve to a location that is outside of that directory. |
| CWE-34 | Path Traversal: '....//' | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....//' (doubled dot dot slash) sequences that can resolve to a location that is outside of that directory. |
| CWE-35 | Path Traversal: '.../...//' | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. |
| CWE-36 | Absolute Path Traversal | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory. |
| CWE-37 | Path Traversal: '/absolute/pathname/here' | The product accepts input in the form of a slash absolute path ('/absolute/pathname/here') without appropriate validation, which can allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
| CWE-38 | Path Traversal: '\absolute\pathname\here' | The product accepts input in the form of a backslash absolute path ('\absolute\pathname\here') without appropriate validation, which can allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
| CWE-39 | Path Traversal: 'C:dirname' | The product accepts input that contains a drive letter or Windows volume letter ('C:dirname') that potentially redirects access to an unintended location or arbitrary file. |
| CWE-40 | Path Traversal: '\\UNC\share\name\' (Windows UNC Share) | The product accepts input that identifies a Windows UNC share ('\\UNC\share\name') that potentially redirects access to an unintended location or arbitrary file. |