English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

CWE-182 Detail

CWE-182

Collapse of Data into Unsafe Value
Draft
2006-07-19 00:00 +00:00
2023-06-29 00:00 +00:00
CWE Mitre.org

Alerte pour un CWE

Stay informed of any changes for a specific CWE.
Alert management

Collapse of Data into Unsafe Value

The product filters data in a way that causes it to be reduced or "collapsed" into an unsafe value that violates an expected security property.

Informations

Modes Of Introduction

Implementation

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Common Consequences

Scope Impact Likelihood
Access ControlBypass Protection Mechanism

Observed Examples

Reference Description
CVE-2004-0815"/.////" in pathname collapses to absolute path.
CVE-2005-3123"/.//..//////././" is collapsed into "/.././" after ".." and "//" sequences are removed.
CVE-2002-0325".../...//" collapsed to "..." due to removal of "./" in web server.
CVE-2002-0784chain: HTTP server protects against ".." but allows "." variants such as "////./../.../". If the server removes "/.." sequences, the result would collapse into an unsafe value "////../" (CWE-182).
CVE-2005-2169MFV. Regular expression intended to protect against directory traversal reduces ".../...//" to "../".
CVE-2001-1157XSS protection mechanism strips a