This vulnerability occurs when an application accepts file or directory paths containing multiple consecutive forward slashes (e.g., '/var//www///html') without normalizing them. Attackers can exploit this ambiguity to bypass security checks and access files or directories outside the intended scope.
File systems and path parsers often treat sequences like '//', '///', or '////' as equivalent to a single slash ('/'). While this might seem harmless, security mechanisms that check for directory traversal sequences (like '../') might not recognize a path like '/secure//../sensitive.txt' as malicious. This creates a mismatch between how the security filter sees the path and how the operating system ultimately resolves it, allowing an attacker to slip through.

To prevent this, developers should implement strict path validation by normalizing all user-supplied paths before processing. Use canonical functions provided by your programming language (like `realpath()` in PHP or `Path.GetFullPath()` in .NET) to resolve any redundant slashes and directory traversals to a single, absolute, and clean path. Always validate this final path against a strict allow-list of permitted directories, never relying solely on blacklists or simple string matching.
Impact: Read Files or Directories; Modify Files or Directories
Strategy: Input Validation
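The filter/resolver mismatch described above, shown side by side with the recommended fix, as an added example (not code from the original page). It assumes a hypothetical allow-listed root `/secure` and uses `posixpath.normpath()` so it runs without touching the filesystem; production code should call `os.path.realpath()` as well so symlinks are resolved too.

```python
import posixpath
import re

ALLOWED_ROOT = "/secure"  # assumed allow-listed directory (constructed)

# Naive string-based filter: repeatedly strip "name/../" pairs, then check
# the prefix. The empty component produced by "//" leaves "/../" with no
# "name" in front of it, so the pattern never fires on '/secure//../x'.
_PARENT_PAIR = re.compile(r"[^/]+/\.\./")


def naive_is_allowed(path: str) -> bool:
    prev = None
    while prev != path:
        prev, path = path, _PARENT_PAIR.sub("", path)
    return path.startswith(ALLOWED_ROOT + "/")


def how_os_resolves(path: str) -> str:
    # Collapses redundant slashes and resolves '.' and '..' the way the
    # kernel's path walk effectively does (symlinks aside).
    return posixpath.normpath(path)


def canonical_is_allowed(path: str) -> bool:
    # Canonicalize first, then compare against the allow-list. commonpath()
    # is used instead of startswith() so '/securely/x' is not accepted
    # as being under '/secure'.
    if not path.startswith("/"):
        return False  # only absolute paths are accepted
    canon = how_os_resolves(path)
    return posixpath.commonpath([ALLOWED_ROOT, canon]) == ALLOWED_ROOT


if __name__ == "__main__":
    # Constructed sample inputs: one benign, one classic traversal, one
    # multi-slash traversal, one prefix-confusion case.
    for p in ("/secure/reports/q1.txt", "/secure/a/../../etc/passwd",
              "/secure//../sensitive.txt", "/securely/x.txt"):
        print(f"{p!r:32} naive={naive_is_allowed(p)!s:5} "
              f"canonical={canonical_is_allowed(p)!s:5} "
              f"os_sees={how_os_resolves(p)!r}")
```

The multi-slash path passes the naive filter yet resolves to `/sensitive.txt`, while the canonicalize-then-allow-list check rejects it.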