CWE-182 Detail

CWE-182

Collapse of Data into Unsafe Value
Draft
2006-07-19 00:00 +00:00
2025-04-03 00:00 +00:00

Name: Collapse of Data into Unsafe Value

The product filters data in a way that causes it to be reduced or "collapsed" into an unsafe value that violates an expected security property.
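An added example (not part of the CWE entry) of the collapse, using the ".../...//" input listed under CVE-2005-2169 in the observed examples: a single pass that deletes "../" leaves pieces that rejoin into "../". The function names and the /srv/www root are assumptions made for illustration; the last function canonicalizes and checks containment instead of rewriting the input.

```python
import posixpath
import re

TRAVERSAL = re.compile(r"\.\./")  # the sequence the filter tries to delete

def strip_once(path):
    """Weak filter: a single left-to-right pass deleting every "../"."""
    return TRAVERSAL.sub("", path)

def strip_until_stable(path):
    """Same filter, repeated until the output stops changing."""
    while True:
        cleaned = TRAVERSAL.sub("", path)
        if cleaned == path:
            return cleaned
        path = cleaned

def resolve_under(root, user_path):
    """Canonicalize first, then check containment; the input is never rewritten.

    Assumes root is absolute and already normalized. normpath() is purely
    lexical, so code touching a real filesystem should also resolve symlinks.
    """
    candidate = posixpath.normpath(posixpath.join(root, user_path.lstrip("/")))
    if posixpath.commonpath([root, candidate]) != root:
        raise ValueError("path escapes root: %r" % (user_path,))
    return candidate

if __name__ == "__main__":
    ROOT = "/srv/www"          # hypothetical document root
    sample = ".../...//"       # input from the CVE-2005-2169 entry
    print(repr(strip_once(sample)))             # leftover pieces rejoin
    print(repr(strip_until_stable(sample)))     # second pass removes the rejoined sequence
    print(repr(strip_until_stable("docs/..")))  # no trailing slash: filter never matches
    for p in ("img/logo.png", strip_once(sample) + "etc/passwd", "docs/.."):
        try:
            print(p, "->", resolve_under(ROOT, p))
        except ValueError as exc:
            print(p, "->", exc)
```

Even the repeated filter leaves "docs/.." untouched, which is why the decision is made on the canonical path rather than on pattern removal.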

General Information

Modes of Introduction

Implementation

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Common Consequences

Scope | Impact | Likelihood
Access Control | Bypass Protection Mechanism |

Observed Examples

Reference Description

CVE-2004-0815

"/.////" in pathname collapses to absolute path.

CVE-2005-3123

"/.//..//////././" is collapsed into "/.././" after ".." and "//" sequences are removed.

CVE-2002-0325

".../...//" collapsed to "..." due to removal of "./" in web server.

CVE-2002-0784

chain: HTTP server protects against ".." but allows "." variants such as "////./../.../". If the server removes "/.." sequences, the result would collapse into an unsafe value "////../" (CWE-182).

CVE-2005-2169

MFV. Regular expression intended to protect against directory traversal reduces ".../...//" to "../".

CVE-2001-1157

XSS protection mechanism strips a