1 vulnerability classified as CWE-44 (Path Equivalence: 'file.name' (Internal Dot)). AI Chinese analysis included.
CWE-44 is a path traversal weakness occurring when software accepts file paths containing internal dots without proper validation. This flaw allows attackers to manipulate input strings, such as "file.name," to bypass intended access controls and traverse the directory structure to reach sensitive or unintended files. By exploiting ambiguous path resolution mechanisms, malicious actors can read, modify, or delete critical system resources outside the expected scope. To mitigate this risk, developers must implement strict input validation that sanitizes all user-supplied path components. Utilizing canonicalization functions to resolve paths to their absolute form before comparison ensures consistency. Additionally, employing allowlists for permitted file extensions and restricting access to specific directories further prevents unauthorized traversal, thereby securing the application against these ambiguous resolution attacks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-24813 | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT — Apache Tomcat | 8.8 | - | 2025-03-10 |
Vulnerabilities classified as CWE-44 (Path Equivalence: 'file.name' (Internal Dot)) represent 1 CVE. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.