Path Equivalence: 'filedir\' (Trailing Backslash)

Status: Incomplete
Abstraction: Variant
Structure: Simple
Description

This weakness occurs when an application accepts file or directory paths that end with a backslash (for example 'filedir\') without normalizing or validating them. To the filesystem, 'filedir\' and 'filedir' name the same object, but to a string-based security check they are different inputs, so an attacker can append the backslash to slip past a denylist or an authentication rule and read or modify files that were supposed to be restricted.

Extended Description

At its core, this issue stems from how operating systems and APIs resolve paths. A trailing backslash is usually accepted as a harmless indicator that the name refers to a directory, and Windows path resolution also collapses repeated separators and strips trailing dots, so several distinct strings map to one filesystem object. Security logic that compares the raw string does not see that equivalence. For example, a rule that denies or password-protects requests for 'C:\restricted\dir' by exact comparison does nothing for a request naming 'C:\restricted\dir\', even though the filesystem resolves both to the same directory; a prefix check that accepts anything starting with 'C:\safe\dir' is no better, because '..' components after the trailing backslash are resolved later and can leave the allowed directory. To prevent this, developers should convert every user-supplied path to a canonical, absolute form before any security decision or file operation: decode it exactly once, remove trailing and repeated separators, resolve relative components ('.' and '..'), and only then compare the cleaned path against a strict allowlist of permitted directories. Simple string comparison or prefix matching on the raw input is insufficient whenever path equivalence issues like this exist.

Common Consequences
Scope: Confidentiality, Integrity

Impact: Read Files or Directories; Modify Files or Directories

Potential Mitigations
Phase: Implementation

Strategy: Input Validation

Inputs should be decoded and canonicalized to the application's current internal representation before being validated; checking first and canonicalizing afterwards is the ordering error described as Incorrect Behavior Order: Validate Before Canonicalize. Make sure that the application does not decode the same input twice (Double Decoding of the Same Data). Either error can be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
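The following added example (not part of the CWE entry) illustrates both the Extended Description and the mitigation above. It contrasts an access check performed on the raw request string with one that decodes once, canonicalizes, and only then decides. The web-root and admin-directory layout, the function names and the request strings are all constructed for the example; the rules for dropping trailing periods and spaces follow the documented Win32 path normalization behaviour, which ntpath.normpath does not apply by itself.

```python
import ntpath
from urllib.parse import unquote

# Constructed layout for this example (not taken from the CWE entry):
# every request path is mapped under WEB_ROOT, and anything inside
# ADMIN_DIR is supposed to require authentication.
WEB_ROOT = r"C:\inetpub\wwwroot"
ADMIN_DIR = r"C:\inetpub\wwwroot\admin"


def requires_auth_vulnerable(url_path: str) -> bool:
    """Access check on the raw request string, before canonicalization.

    The filesystem treats 'admin\\', 'admin.' and 'admin\\\\' as the same
    directory, but this string comparison does not, so a trailing
    backslash, a trailing dot, a doubled separator or a '%5C' that the
    server decodes later all slip past the check.
    """
    fs_path = WEB_ROOT + "\\" + url_path.lstrip("/").replace("/", "\\")
    directory = fs_path.rsplit("\\", 1)[0]  # naive dirname: keeps a trailing '\'
    return directory.lower() == ADMIN_DIR.lower()


def canonical_windows_path(path: str) -> str:
    """Canonical absolute form following the documented Win32 normalization rules.

    ntpath.normpath converts '/' to '\\', collapses repeated separators and
    resolves '.' and '..'. Win32 additionally drops a single trailing period
    from each intermediate segment and all trailing periods and spaces from
    the final segment; ntpath does not, so that step is done here.
    """
    drive, rest = ntpath.splitdrive(ntpath.normpath(path))
    segments = rest.split("\\")
    cleaned = []
    for i, seg in enumerate(segments):
        if i == len(segments) - 1:
            seg = seg.rstrip(". ")
        elif seg.endswith(".") and seg.strip("."):
            seg = seg[:-1]
        cleaned.append(seg)
    return drive + "\\".join(cleaned)


def classify_request(url_path: str) -> str:
    """Decode once, canonicalize, then decide: 'outside-root', 'restricted' or 'public'."""
    decoded = unquote(url_path)  # exactly one decoding pass; '%255C' stays a literal '%5C'
    candidate = canonical_windows_path(ntpath.join(WEB_ROOT, decoded.lstrip("/\\")))
    low, root, admin = candidate.lower(), WEB_ROOT.lower(), ADMIN_DIR.lower()
    if low != root and not low.startswith(root + "\\"):
        return "outside-root"  # '..' components escaped the web root
    if low == admin or low.startswith(admin + "\\"):
        return "restricted"
    return "public"


def requires_auth_fixed(url_path: str) -> bool:
    """Same decision as the vulnerable check, made on the canonical path."""
    return classify_request(url_path) == "restricted"


if __name__ == "__main__":
    # Constructed request strings: the first is legitimate, the others are
    # equivalent spellings of the same protected file.
    for req in ["/admin/secret.aspx", "/admin\\/secret.aspx", "/admin./secret.aspx",
                "/admin%5Csecret.aspx", "/public/../admin/secret.aspx"]:
        print(f"{req!r:35} raw-check={requires_auth_vulnerable(req)!s:5} "
              f"canonical={classify_request(req)}")
```

Only the first request is recognised as protected by the raw-string check; the trailing backslash, trailing dot, encoded backslash and traversal variants are all classified correctly once the path has been decoded once and canonicalized, and a path that escapes the web root is rejected outright rather than being compared against the admin prefix.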
Observed Examples
CVE-2004-0847: web framework for .NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash)
CVE-2004-0061: Bypass directory access restrictions using trailing dot in URL
Applicable Platforms
Languages:
Not Language-Specific (Prevalence: Undetermined)
Modes of Introduction
Implementation
Functional Areas
  1. File Processing
Affected Resources
  1. File or Directory
Taxonomy Mapping
  • PLOVER
  • Software Fault Patterns