CWE-40 4 個 CVE MITRE 定義 ↗

CWE-40:Path Traversal: '\\UNC\share\name\' (Windows UNC Share)

概覽

CWE-40(Path Traversal: '\\UNC\share\name\' (Windows UNC Share))描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product accepts input that identifies a Windows UNC share ('\\UNC\share\name') that potentially redirects access to an unintended location or arbitrary file.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
operating_system Windows Undetermined
technology Not Technology-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-27615 2026-02-24 ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the `ManualAdbPath` settings variable, which determines the path of the ADB binary to be execut…
CVE-2025-32103 2025-04-15 CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityMa…
CVE-2023-29446 2024-01-10 An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and po…
CVE-2021-44548 2021-12-23 An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to anothe…

曾用名

  • Path Issue - Windows UNC Share - '\\UNC\share\name\' (2008-04-11)

內容提交

名稱
PLOVER
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Taxonomy_Mappings
2009-07-27 CWE Content Team 1.5 updated Potential_Mitigations
2010-06-21 CWE Content Team 1.9 updated Potential_Mitigations
2011-03-29 CWE Content Team 1.12 updated Potential_Mitigations
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Observed_Examples, References, Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms
2020-02-24 CWE Content Team 4.0 updated Potential_Mitigations, Relationships
2020-06-25 CWE Content Team 4.1 updated Potential_Mitigations
2021-03-15 CWE Content Team 4.4 updated Potential_Mitigations
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-09-09 CWE Content Team 4.18 updated Affected_Resources, Functional_Areas
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Detection_Factors, Weakness_Ordinalities
cvelogic Threat Intelligence