CWE-SANS-Top-25/Risky-resource-management/CWE-22
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
A directory traversal (or path traversal) attack exploits improper navigation controls in a web application to browse pages, files and directories that the application does not explicitly expose (e.g. by including ../../../etc/passwd in a request).
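The weakness and its fix side by side, as an added example that is not part of the original page: a join with no containment check next to a resolver that canonicalizes the path and confirms it stays under the base directory. The function names, directory names and sample requests are constructed for illustration.

```python
import os
import tempfile


def naive_resolve(base_dir, user_path):
    """Weak pattern: joins user input to the base with no containment check."""
    return os.path.normpath(os.path.join(base_dir, user_path))


def safe_resolve(base_dir, user_path):
    """Return the canonical path only if it stays inside base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." segments and follows symlinks before comparing.
    target = os.path.realpath(os.path.join(base, user_path))
    try:
        # commonpath compares whole components, so a sibling such as
        # "www-private" is not mistaken for a child of "www".
        inside = os.path.commonpath([base, target]) == base
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    if not inside:
        raise PermissionError(f"path escapes base directory: {user_path!r}")
    return target


# Constructed sample requests: two legitimate, four traversal attempts.
SAMPLE_REQUESTS = [
    "docs/index.html",
    "docs/./../docs/index.html",
    "../../../etc/passwd",
    "/etc/passwd",
    "docs/../../secret.txt",
    "../www-private/key.pem",
]


def demo():
    """Classify each sample request against a temporary web root."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "www")
        os.makedirs(os.path.join(base, "docs"))
        for req in SAMPLE_REQUESTS:
            try:
                safe_resolve(base, req)
                results[req] = "allowed"
            except PermissionError:
                results[req] = "blocked"
    return results
```

The check is made on the canonical path rather than on the raw input, so the request is rejected based on where it would actually resolve, not on whether it contains a particular substring.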
Risk measurement
| Weakness Prevalence | Widespread |
|---|---|
| Remediation Cost | Low |
| Attack Frequency | Often |
| Consequences | Code execution, Data loss, Denial of service |
| Ease of Detection | Easy |
| Attacker Awareness | High |