
CAPEC-139: Relative Path Traversal

Abstraction: Detailed
Status: Draft
Likelihood: High
Severity: High

Description

An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
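A containment check for the input-validation weakness described above, as an added example that is not part of the CAPEC entry. The base directory, function names and sample inputs are assumptions constructed for illustration; the check is lexical only and does not resolve symlinks.

```python
import posixpath
from urllib.parse import unquote

BASE_DIR = "/srv/app/public"  # hypothetical document root (assumption)


class TraversalError(ValueError):
    """Raised when a requested path would leave the base directory."""


def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so double-encoded dots and slashes are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise TraversalError("input still encoded after %d rounds" % max_rounds)


def resolve_under(base, requested):
    """Return the normalized path for `requested` inside `base`, or raise."""
    path = fully_decode(requested)
    if "\x00" in path:
        raise TraversalError("NUL byte in path")
    # Treat both separators named in the description (/ and \) as equivalent.
    path = path.replace("\\", "/")
    # Lexical join and normalization collapse "." and ".." segments.
    # A real deployment would also resolve symlinks (e.g. os.path.realpath).
    candidate = posixpath.normpath(posixpath.join(base, path))
    # Validate the final location, not the presence of particular characters.
    if posixpath.commonpath([base, candidate]) != base:
        raise TraversalError("path escapes base: %r" % requested)
    return candidate


def is_allowed(requested, base=BASE_DIR):
    """True if `requested` stays under `base` after decoding and normalization."""
    try:
        resolve_under(base, requested)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: two benign, three that leave the base.
    for s in ["img/logo.png", "img/../css/site.css", "../../../etc/passwd",
              "..\\..\\conf\\app.ini", "%252e%252e%252fsecret"]:
        print("%-28s %s" % (s, "allow" if is_allowed(s) else "reject"))
```

The decision is made on the normalized result, so a request such as `img/../css/site.css` that contains `..` but stays inside the base is still served.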

Related weaknesses · 1

CWE-23

Related attack patterns · 1

CAPEC-126 (ChildOf)

Exploits · 1

Type | Target | Confidence | Tier
Weakness | Relative Path Traversal (cwe-23) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Path Traversal
CAPEC: Absolute Path Traversal
CAPEC: DEPRECATED: Directory Traversal
CAPEC: Symlink Attack
CAPEC: Using Slashes in Alternate Encoding
CAPEC: XPath Injection

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.