Path Equivalence: 'filename....' (Multiple Trailing Dot)

Incomplete Variant
Structure: Simple
Description

This vulnerability occurs when an application accepts file or directory paths containing multiple trailing dots (like 'file....') without proper validation. Attackers can exploit this to bypass security checks, potentially accessing files or directories outside the intended scope.

Extended Description

Path equivalence vulnerabilities like this one trick the system's path resolution logic. When an application fails to normalize or validate a path like 'document....', different layers of the operating system or application framework may interpret it differently. This ambiguity can allow an attacker to escape restricted directories and traverse the file system to read, write, or delete sensitive files they shouldn't have access to.

To prevent this, developers should implement strict input validation and canonicalize all user-supplied paths before use. Use built-in security functions to resolve paths to their absolute, normalized form, and enforce a whitelist of permitted directories. Never trust user input for file operations without first stripping potentially dangerous sequences and verifying the final path resides within the intended safe location.
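One way to apply the validation and canonicalization described above, as an added Python example that is not part of the original entry: `safe_resolve`, `UnsafePath` and `check` are hypothetical names, and the sample paths are constructed. It assumes the application prefers to reject components with trailing dots or spaces outright rather than strip them, and then checks containment on the canonical path.

```python
import os
import tempfile

class UnsafePath(ValueError):
    """Raised when a user-supplied path fails validation."""

def safe_resolve(base_dir: str, user_path: str) -> str:
    """Return the canonical path for user_path inside base_dir, or raise UnsafePath."""
    if not user_path or "\x00" in user_path:
        raise UnsafePath("empty path or NUL byte")
    # Treat both separators as separators so the check is platform independent.
    parts = user_path.replace("\\", "/").split("/")
    for part in parts:
        if part in ("", ".", ".."):
            raise UnsafePath(f"relative or empty component: {part!r}")
        # Reject instead of guessing: 'file....' must not be one name to this
        # check and another name to a layer that drops trailing dots or spaces.
        if part != part.rstrip(". "):
            raise UnsafePath(f"trailing dot or space in component: {part!r}")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, *parts))
    # Containment is checked on the canonical form, after symlinks are resolved.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePath("resolved path escapes base directory")
    return candidate

def check(base_dir: str, user_path: str) -> str:
    """Demo helper: 'ok' if the path is accepted, otherwise the rejection reason."""
    try:
        safe_resolve(base_dir, user_path)
        return "ok"
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    # Constructed sample inputs, checked against a throwaway base directory.
    with tempfile.TemporaryDirectory() as base:
        for sample in ["report.txt", "docs/report.txt", "report.txt....",
                       "docs..../report.txt", "../etc/passwd", "report.txt. ."]:
            print(f"{sample!r:24} -> {check(base, sample)}")
```

Any access-control decision (deny lists, extension checks, permission lookups) should be made on the value `safe_resolve` returns, not on the raw input.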

Common Consequences 1
Scope: Confidentiality, Integrity

Impact: Read Files or Directories; Modify Files or Directories

Observed Examples 1
CVE-2004-0281: Multiple trailing dot allows directory listing
Applicable Platforms
Languages:
Not Language-Specific: Undetermined
Modes of Introduction
Implementation
Functional Areas
  1. File Processing
Affected Resources
  1. File or Directory
Taxonomy Mapping
  • PLOVER
  • Software Fault Patterns