CWE-22

Weakness ID: 22 (Weakness Class)

Status: Draft

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

Summary

The software uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but it does not properly neutralize special elements within the pathname, so the pathname can resolve to a location outside of the restricted directory.

Extended Description

Many file operations are intended to take place within a restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. One of the most common special elements is the "../" sequence, which most modern operating systems interpret as the parent directory of the current location. This is referred to as relative path traversal. Path traversal also covers the use of absolute pathnames such as "/usr/local/bin", which can likewise be used to access unexpected files. This is referred to as absolute path traversal.

In many programming languages, injecting a null byte (0 or NUL) into a generated pathname truncates it at that point, because the underlying file API treats NUL as the end of the string. An attacker can use this to widen the scope of an attack. For example, software that appends ".txt" to every pathname in order to restrict access to text files can have that restriction removed by a null byte injected before the suffix.

Alternate Terms

Directory traversal

Path traversal

"Path traversal" is preferred over "directory traversal," but both terms are attack-focused.

Terminology Notes

Like other weaknesses, terminology is often based on the types of manipulations used, instead of the underlying weaknesses. Some people use "directory traversal" only to refer to the injection of ".." and equivalent sequences whose specific meaning is to traverse directories.

Other variants like "absolute pathname" and "drive letter" have the *effect* of directory traversal, but some people may not call it such, since it does not involve ".." or equivalent.

Time of Introduction

Architecture and Design
Implementation

Applicable Platforms

Languages

Language-independent

Common Consequences

Scope: Integrity
Technical Impact: Execute unauthorized code or commands
The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.

Scope: Integrity
Technical Impact: Modify files or directories
The attacker may be able to create or overwrite critical files such as programs, libraries, or important data. If the targeted file is used for a security mechanism, the attacker may be able to bypass that mechanism. For example, appending a new account to the end of a password file may allow the attacker to bypass authentication.

Scope: Confidentiality
Technical Impact: Read files or directories
The attacker may be able to read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, the attacker may be able to bypass that mechanism. For example, by reading a password file the attacker could conduct brute-force password guessing in order to break into an account on the system.

Scope: Availability
Technical Impact: DoS: crash / exit / restart
The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all, and in the case of a protection mechanism such as authentication it has the potential to lock out every user of the software.

 

Likelihood of Exploit

High to Very High

Detection Methods

Automated Static Analysis

Automated techniques can find areas where path traversal weaknesses exist. However, tuning or customization may be required to remove or de-prioritize path traversal problems that are only exploitable by the software's administrator or other privileged users, since in those cases the behavior may be intended.

Effectiveness: High

Manual Static Analysis

Manual white-box techniques may be able to provide sufficient code coverage and reduction of false positives if all file access operations can be assessed within limited time constraints.

Effectiveness: High

Demonstrative Examples

Example 1:

The following code could be for a social networking application in which each user's profile information is stored in a separate file. All files are stored in a single directory.

Example Language: Perl (Bad)
my $dataPath = "/users/cwe/profiles";
my $username = param("user");
my $profilePath = $dataPath . "/" . $username;

open(my $fh, "<$profilePath") || ExitError("profile read error: $profilePath");
print "<ul>\n";
while (<$fh>) {
    print "<li>$_</li>\n";
}
print "</ul>\n";

While the programmer intends to access files such as "/users/cwe/profiles/alice" or "/users/cwe/profiles/bob", there is no verification of the incoming user parameter. An attacker could provide a string such as:

(attack)
../../../etc/passwd

The program would generate a profile pathname like this:

(result)
/users/cwe/profiles/../../../etc/passwd

When the file is opened, the operating system resolves the "../" during path canonicalization and actually accesses this file:

(result)
/etc/passwd

As a result, the attacker could read the entire text of the password file.

Notice that this code also contains an error message information leak (CWE-209) if the user parameter does not name a file that exists: the full pathname is disclosed to the requester. Because the retrieved file is printed without output encoding, there might also be a cross-site scripting problem (CWE-79) if a profile contains any HTML, but other code would need to be examined to confirm that.

 

Example 2:

In the example below, the path to a dictionary file is read from a system property and used to initialize a File object.

Example Language: Java (Bad)
String filename = System.getProperty("com.domain.application.dictionaryFile");
File dictionaryFile = new File(filename);

However, the path is not validated or modified to prevent it from containing relative or absolute path sequences before the File object is created. This allows anyone who can control the system property to determine which file is used. Ideally, the path should be resolved relative to some kind of application or user home directory.

 

Example 3:

The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file at the final resulting path.

Example Language: Perl (Bad)
my $Username = GetUntrustedInput();
$Username =~ s/\.\.\///;
my $filename = "/home/user/" . $Username;
ReadAndSendFile($filename);

Since the regular expression does not have the g (global match) modifier, it only removes the first instance of "../" it comes across. So an input value such as:

(attack)
../../../etc/passwd

will have only the first "../" stripped, resulting in:

(result)
../../etc/passwd

This value is then concatenated with the /home/user/ directory:

(result)
/home/user/../../etc/passwd

which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23). Note that adding the g modifier would not be a fix either: a single non-recursive pass turns an input such as "....//" into "../" after the inner "../" is removed.

 

Example 4:

The following code attempts to validate a given input path by checking it against a whitelist and, once validated, deletes the given file. In this specific case, the path is considered valid if it starts with the string "/safe_dir/".

Example Language: Java (Bad)
String path = getInputPath();
if (path.startsWith("/safe_dir/"))
{
    File f = new File(path);
    f.delete();
}

An attacker could provide an input such as this:
/safe_dir/../important.dat

The software assumes that the path is valid because it starts with the "/safe_dir/" sequence, but the "../" sequence will cause the program to delete the important.dat file in the parent directory.

 

Example 5:

The following code demonstrates the unrestricted upload of a file with a Java servlet together with a path traversal vulnerability. The HTML form below is a standard multipart upload form whose action attribute sends the upload request to the Java servlet.

Example Language: HTML (Good)
<form action="FileUploadServlet" method="post" enctype="multipart/form-data">

Choose a file to upload:
<input type="file" name="filename"/>
<br/>
<input type="submit" name="submit" value="Submit"/>

</form>

When the form is submitted, the servlet's doPost method receives the request, extracts the name of the file from the HTTP request header, reads the file contents from the request and writes the file to the local upload directory.

Example Language: Java (Bad)
public class FileUploadServlet extends HttpServlet {
...
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        String contentType = request.getContentType();

        // the starting position of the boundary header
        int ind = contentType.indexOf("boundary=");
        String boundary = contentType.substring(ind+9);

        String pLine = new String();
        String uploadLocation = new String(UPLOAD_DIRECTORY_STRING); //Constant value

        // verify that content type is multipart form data
        if (contentType != null && contentType.indexOf("multipart/form-data") != -1) {

            // extract the filename from the Http header
            BufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream()));
            ...
            pLine = br.readLine();
            String filename = pLine.substring(pLine.lastIndexOf("\\"), pLine.lastIndexOf("\""));
            ...
            // output the file to the local upload directory
            try {
                BufferedWriter bw = new BufferedWriter(new FileWriter(uploadLocation+filename, true));
                for (String line; (line=br.readLine())!=null; ) {
                    if (line.indexOf(boundary) == -1) {
                        bw.write(line);
                        bw.newLine();
                        bw.flush();
                    }
                } //end of for loop
                bw.close();

            } catch (IOException ex) {...}
            // output successful upload response HTML page
        }
        // output unsuccessful upload response HTML page
        else
        {...}
    }
...
}


This code does not check the filename that it extracts from the header, so an attacker can use "../" sequences to write files outside of the intended upload directory (relative path traversal, CWE-23). Depending on the execution environment, the attacker may be able to write to arbitrary files, leading to a wide variety of consequences, from code execution and cross-site scripting (CWE-79) to system crashes.

The code also does not check the type of the file being uploaded. This allows an attacker to upload an executable file or any other file containing malicious code (CWE-434).

 

Observed Examples

Reference  Description
CVE-2010-0467 Newsletter module allows reading arbitrary files using "../" sequences.
CVE-2009-4194 FTP server allows deletion of arbitrary files using ".." in the DELE command.
CVE-2009-4053 FTP server allows creation of arbitrary directories using ".." in the MKD command.
CVE-2009-0244 OBEX FTP service for a Bluetooth device allows listing of directories, and creation or reading of files using ".." sequences.
CVE-2009-4013 Software package maintenance program allows overwriting arbitrary files using "../" sequences.
CVE-2009-4449 Bulletin board allows attackers to determine the existence of files using the avatar.
CVE-2009-4581 PHP program allows arbitrary code execution using ".." in filenames that are fed to the include() function.
CVE-2010-0012 Overwrite of files using a .. in a Torrent file.
CVE-2010-0013 Chat program allows overwriting files using a custom smiley request.
CVE-2008-5748 Chain: external control of values for user's desired language and theme enables path traversal.

 

Potential Mitigations

Phase: Implementation

Strategy: Input Validation
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a whitelist of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a blacklist). However, blacklists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the developer expects colors such as "red" or "blue."

For filenames, use stringent whitelists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36.

Warning: if you attempt to cleanse your data, do so in a way that guarantees the end result is not in a form that can be dangerous. A sanitizing mechanism can remove characters such as "." and ";" that may be required for some exploits, but an attacker can also try to fool the sanitizing mechanism into "cleaning" data into a dangerous form. Suppose the attacker injects a "." inside a filename, e.g. "sensi.tiveFile", and the sanitizer removes the character, resulting in the valid filename "sensitiveFile". If the input data are now assumed to be safe, then the file may be compromised. See CWE-182 (Collapse of Data Into Unsafe Value).
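The following Python block is an added example, not code from the CWE page: it contrasts the "delete dangerous characters" sanitizer that the warning above cautions against with a reject-don't-clean validator built on the single-dot, no-separator whitelist suggested for filenames, and applies that validator to the client-supplied filename of the Example 5 upload servlet. The regular expression, the allowed-extension set and every input string are my own constructions.

```python
import os
import re

# Accept-known-good pattern for a single path component: starts alphanumeric, then
# letters, digits, "_" or "-", with at most one "." introducing a short extension.
# No separator ("/" or "\") and no second "." can ever pass (CWE-36, CWE-23).
SAFE_FILENAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]*(?:\.[A-Za-z0-9]{1,8})?")

# Assumed allow-list of upload types for the Example 5 servlet (CWE-434).
ALLOWED_EXTENSIONS = {"png", "jpg", "gif", "txt"}


def sanitize_by_deletion(name: str) -> str:
    """The approach the warning cautions against: delete characters that look
    dangerous and trust whatever is left."""
    return name.replace(".", "").replace("/", "").replace("\\", "")


def validate_filename(name: str) -> str:
    """Reject-don't-clean: return the name unchanged only if it is already acceptable."""
    if "\x00" in name or not SAFE_FILENAME.fullmatch(name):
        raise ValueError("rejected filename: %r" % name)
    return name


def upload_target(upload_dir: str, client_filename: str) -> str:
    """Where an uploaded file may be written. Only the last path component of the
    client-supplied name is considered (browsers send a bare name; anything more is
    an attack or a client quirk), it must pass validate_filename, and its extension
    must be on the allow-list."""
    leaf = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    validate_filename(leaf)
    ext = leaf.rsplit(".", 1)[1].lower() if "." in leaf else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError("disallowed file type: %r" % leaf)
    return os.path.join(upload_dir, leaf)


def _attempt(func, *args):
    """Run func and report "rejected" instead of raising, for the comparison below."""
    try:
        return func(*args)
    except ValueError:
        return "rejected"


def demo() -> dict:
    """All inputs are constructed for this example."""
    return {
        # Deletion turns the attacker's decoy into the name of a real sensitive file.
        "deleted": sanitize_by_deletion("sensi.tiveFile"),
        # Validation never manufactures a value the client did not send.
        "validated": _attempt(validate_filename, "sensi.tiveFile"),
        "traversal": _attempt(validate_filename, "../../etc/passwd"),
        "two_dots": _attempt(validate_filename, "report.v2.txt"),
        "nul": _attempt(validate_filename, "notes.txt\x00.png"),
        "servlet_attack": _attempt(upload_target, "/srv/uploads",
                                   "..\\..\\..\\webapps/ROOT/shell.jsp"),
        "servlet_ok": _attempt(upload_target, "/srv/uploads", "C:\\Users\\me\\photo.PNG"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%s: %r" % (key, value))
```

The validator's answer to "sensi.tiveFile" is "sensi.tiveFile" or a rejection, never "sensitiveFile": a validator that only accepts or refuses cannot collapse data into a value the attacker did not supply, which is exactly the property the deletion-based sanitizer lacks.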

Phase: Architecture and Design

For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. The modified values are then submitted to the server.

Phase: Implementation

Strategy: Input Validation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated. Make sure that the application does not decode the same input twice. Such errors could be used to bypass whitelist validation schemes by introducing dangerous inputs after they have been checked.

Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links (CWE-23, CWE-59). Canonicalization functions include:
- C: realpath()
- Java: getCanonicalPath()
- ASP.NET: GetFullPath()
- Perl: realpath() or abs_path()
- PHP: realpath()
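As an added example (my code, not the CWE page's), the Python block below puts the canonicalization advice next to the two failures shown in Examples 3 and 4: a substitution that strips "../" only once, a global single-pass strip that still collapses "....//" into "../", and a bare prefix check on the un-canonicalized string. The resolve_within function is the replacement: it canonicalizes with os.path.realpath (Python's equivalent of the realpath() calls listed above), refuses NUL bytes, and then checks that the resolved path is still inside the restricted directory. The directory layout, file names and attack strings are constructed in a temporary directory for the demonstration.

```python
import os
import re
import tempfile


def strip_dotdot_once(user_input: str) -> str:
    """Example 3's filter: a substitution without the global flag removes only the first "../"."""
    return re.sub(r"\.\./", "", user_input, count=1)


def strip_dotdot_global(user_input: str) -> str:
    """Even a global, single-pass removal is unsafe: "....//" collapses to "../" (CWE-182)."""
    return user_input.replace("../", "")


def prefix_check(path: str, prefix: str = "/safe_dir/") -> bool:
    """Example 4's whitelist: a bare prefix test on the un-canonicalized string."""
    return path.startswith(prefix)


def resolve_within(base_dir: str, user_input: str) -> str:
    """Canonicalize base_dir/user_input and require the result to stay under base_dir.

    realpath() resolves "..", "." and symbolic links, so the containment test is made
    on the path the operating system will actually open. Raises ValueError on escape."""
    if "\x00" in user_input:  # a NUL would truncate the name inside the C library
        raise ValueError("NUL byte in path")
    base = os.path.realpath(base_dir)
    # os.path.join discards base when user_input is absolute; the containment check
    # below catches that case too (absolute path traversal, CWE-36).
    candidate = os.path.realpath(os.path.join(base, user_input))
    if candidate != base and not candidate.startswith(base + os.sep):
        raise ValueError("path escapes restricted directory: " + candidate)
    return candidate


def demo() -> dict:
    """Run the flawed filters and the canonicalizing check against the page's inputs."""
    results = {
        "once": strip_dotdot_once("../../../etc/passwd"),
        "global": strip_dotdot_global("....//....//etc/passwd"),
        "prefix": prefix_check("/safe_dir/../important.dat"),
    }
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "profiles")          # the restricted directory
        os.mkdir(base)
        with open(os.path.join(base, "alice"), "w") as fh:
            fh.write("alice's profile\n")
        with open(os.path.join(tmp, "secret.txt"), "w") as fh:
            fh.write("outside the restricted directory\n")
        results["alice"] = os.path.basename(resolve_within(base, "alice"))
        for attack in ("../secret.txt", "../../../etc/passwd", "/etc/passwd", "alice\x00.txt"):
            try:
                resolve_within(base, attack)
                results[attack] = "allowed"
            except ValueError:
                results[attack] = "rejected"
        # A symlink inside the directory that points outside is caught the same way,
        # because realpath() follows it before the containment test.
        try:
            os.symlink(os.path.join(tmp, "secret.txt"), os.path.join(base, "link"))
            try:
                resolve_within(base, "link")
                results["symlink"] = "allowed"
            except ValueError:
                results["symlink"] = "rejected"
        except OSError:
            results["symlink"] = "unsupported"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print("%r: %r" % (key, value))
```

The containment test compares against base plus the separator rather than base alone, so that a sibling directory such as "/srv/profiles-old" is not mistaken for a child of "/srv/profiles". Note that realpath() alone is not the mitigation: it is the comparison of the canonical result with the canonical base that stops the attack.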

Phase: Architecture and Design

Strategy: Libraries or Frameworks
Use a vetted library or framework that does not allow this weakness to occur or that provides constructs that make the weakness easier to avoid.

Phase: Operation

Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.

Effectiveness: Moderate
An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization.

Phase: Architecture and Design, Operation

Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

Phase: Architecture and Design, Operation

Strategy: Enforcement by Conversion
When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
For example, ID 1 could map to "inbox.txt" and ID 2 could map to "profile.txt". Features such as the ESAPI AccessReferenceMap provide this capability.
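An added illustration of the indirection strategy above (my code, modeled on the idea of ESAPI's AccessReferenceMap but not ESAPI's implementation): the server registers the files a user may reach and hands out opaque tokens for them; a request carries only a token, and anything that was not minted by the map is refused, so a path or "../" sequence supplied by the client never reaches the filesystem. It goes one step beyond the page's numeric-ID suggestion by using random tokens so references cannot be enumerated. The paths and requests are constructed for the example.

```python
import secrets


class FileReferenceMap:
    """Indirect object references: clients see tokens, never real pathnames.
    Only paths registered through add() can ever be returned by resolve()."""

    def __init__(self):
        self._direct_to_indirect = {}
        self._indirect_to_direct = {}

    def add(self, path: str) -> str:
        """Register a real path and return the token a client may use for it."""
        if path not in self._direct_to_indirect:
            token = secrets.token_urlsafe(12)   # unguessable, unlike sequential IDs
            self._direct_to_indirect[path] = token
            self._indirect_to_direct[token] = path
        return self._direct_to_indirect[path]

    def resolve(self, token: str) -> str:
        """Map a client-supplied token back to a path; anything not minted here is refused."""
        try:
            return self._indirect_to_direct[token]
        except KeyError:
            raise ValueError("unknown file reference") from None


def demo() -> dict:
    """In a real application the map would be built per session from the files
    that particular user is allowed to see; here it is built for one user."""
    refs = FileReferenceMap()
    inbox = refs.add("/srv/mail/alice/inbox.txt")
    profile = refs.add("/srv/mail/alice/profile.txt")

    def lookup(token):
        try:
            return refs.resolve(token)
        except ValueError:
            return "rejected"

    return {
        "inbox": lookup(inbox),
        "profile": lookup(profile),
        "stable": refs.add("/srv/mail/alice/inbox.txt") == inbox,
        "traversal": lookup("../../etc/passwd"),            # raw path: refused
        "absolute": lookup("/srv/mail/bob/inbox.txt"),      # another user's real path: refused
        "guess": lookup("1"),                               # enumeration attempt: refused
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%s: %r" % (key, value))
```

Because the map is the only way from client input to a pathname, the path-validation problem disappears for these objects entirely; the remaining design question is scoping the map to the requesting user, so that a token minted for one user is not honored for another.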

Phase: Architecture and Design

Strategy: Sandbox or Jail
Run the code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.

OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.

This may not be a feasible solution, and it only limits the impact on the operating system; the rest of the application may still be subject to compromise.

Be careful to avoid CWE-243 and other weaknesses related to jails.

Phase: Architecture and Design, Implementation

Strategy: Identify and Reduce Attack Surface
Store library, include, and utility files outside of the web document root, if possible. Otherwise, store them in a separate directory and use the web server's access control capabilities to prevent attackers from directly requesting them. One common practice is to define a fixed constant in each calling program, then check for the existence of the constant in the library or include file; if the constant does not exist, then the file was directly requested, and it can exit immediately.

This significantly lowers the chance of an attacker being able to bypass any protection mechanisms that are in the base program but not in the include files. It will also reduce the attack surface.

Phase: Implementation

Ensure that error messages only contain minimal details that are useful to the intended audience, and nobody else. The messages need to strike a balance between being too cryptic and not being cryptic enough. They should not necessarily reveal the methods that were used to determine the error. Such detailed information can be used to refine the original attack to increase the chances of success.

If errors must be tracked in some detail, capture them in log messages, but consider what could occur if the log messages can be viewed by attackers. Avoid recording highly sensitive information such as passwords in any form. Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a username is valid or not.

In the context of path traversal, error messages that disclose path information can help attackers craft the appropriate attack strings to move through the file system hierarchy.

Phase: Operation, Implementation

Strategy: Environment Hardening
When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues.

Other Notes

Incomplete diagnosis or reporting of vulnerabilities can make it difficult to know which variant is affected. For example, a researcher might say that "..\" is vulnerable but not test "../", which may also be vulnerable.

Any combination of the items below can provide its own variant of path traversal. For example, "//../", reported in CVE-2004-0325, is not listed.

Weakness Ordinalities

Ordinality  Description
Primary     (where the weakness exists independent of other weaknesses)
Resultant   (where the weakness is typically related to the presence of some other weaknesses)

 

Relationships

Nature     Type            ID   Name                                                                View(s) this relationship pertains to
ChildOf    Category        21   Pathname Traversal and Equivalence Errors                           Development Concepts (primary) 699
ChildOf    Category        632  Weaknesses that Affect Files or Directories                         Resource-specific Weaknesses (primary) 631
ChildOf    Weakness Class  668  Exposure of Resource to Wrong Sphere                                Research Concepts 1000
ChildOf    Weakness Class  706  Use of Incorrectly-Resolved Name or Reference                       Research Concepts (primary) 1000
ChildOf    Category        715  OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference   Weaknesses in OWASP Top Ten (2007) (primary) 629
ChildOf    Category        723  OWASP Top Ten 2004 Category A2 - Broken Access Control              Weaknesses in OWASP Top Ten (2004) (primary) 711
ChildOf    Category        743  CERT C Secure Coding Section 09 - Input Output (FIO)                Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734
ChildOf    Category        802  2010 Top 25 - Risky Resource Management                             Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors (primary) 800
ChildOf    Category        813  OWASP Top Ten 2010 Category A4 - Insecure Direct Object References  Weaknesses in OWASP Top Ten (2010) (primary) 809
ParentOf   Weakness Base   23   Relative Path Traversal                                             Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf   Weakness Base   36   Absolute Path Traversal                                             Development Concepts (primary) 699; Research Concepts (primary) 1000
MemberOf   View            635  Weaknesses Used by NVD                                              Weaknesses Used by NVD (primary) 635
CanFollow  Weakness Class  20   Improper Input Validation                                           Research Concepts 1000
CanFollow  Weakness Class  73   External Control of File Name or Path                               Research Concepts 1000
CanFollow  Weakness Class  172  Encoding Error                                                      Research Concepts 1000

 

Relationship Notes

Pathname equivalence can be regarded as a type of canonicalization error.

Some pathname equivalence issues are not directly related to directory traversal; rather, they are used to bypass security-relevant checks on whether the attacker may access a given file or directory.

Research Gaps (open questions in CWE)

Many variants of path traversal attacks are probably under-studied with respect to root cause. CWE-790 and CWE-182 begin to cover part of this gap.

Affected Resources

File/Directory

Relevant Properties

Equivalence

Functional Areas

File processing

Causal Nature

Explicit

Taxonomy Mappings

Mapped Taxonomy Name   Node ID   Fit                 Mapped Node Name
PLOVER                                               Path Traversal
OWASP Top Ten 2007     A4        CWE More Specific   Insecure Direct Object Reference
OWASP Top Ten 2004     A2        CWE More Specific   Broken Access Control
CERT C Secure Coding   FIO02-C                       Canonicalize path names originating from untrusted sources
WASC                   33                            Path Traversal

 

Related Attack Patterns

CAPEC-ID  Attack Pattern Name (CAPEC Version 1.5)
23 File System Function Injection, Content Based
64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
78 Using Escaped Slashes in Alternate Encoding
79 Using Slashes in Alternate Encoding
76 Manipulating Input to File System Calls
139 Relative Path Traversal

 

References

[REF-11] M. Howard and D. LeBlanc. "Writing Secure Code". Chapter 11, "Directory Traversal and Using Parent Paths (..)", page 370. 2nd Edition. Microsoft Press. 2002.
[REF-17] OWASP. "OWASP Enterprise Security API (ESAPI) Project". <http://www.owasp.org/index.php/ESAPI>.
OWASP. "Testing for Path Traversal (OWASP-AZ-001)". <http://www.owasp.org/index.php/Testing_for_Path_Traversal_(OWASP-AZ-001)>.
Johannes Ullrich. "Top 25 Series - Rank 7 - Path Traversal". SANS Software Security Institute. 2010-03-09. <http://blogs.sans.org/appsecstreetfighter/2010/03/09/top-25-series-rank-7-path-traversal/>.

Update History

[2011-04-21]
  Updated based on the CWE data as of 2010-10-12
[2009-06-29]
  Created based on the following URL as of 2009-02-02
    http://cwe.mitre.org/data/definitions/22.html

Registered: 2011/04/21

Last updated: 2023/04/04