CAPEC-649
Adding a Space to a File Extension
Bas
Moyen
Draft
2018-05-31
00h00 +00:00
00h00 +00:00
2020-07-30
00h00 +00:00
00h00 +00:00
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Descriptions du CAPEC
An adversary adds a space character to the end of a file extension and takes advantage of an application that does not properly neutralize trailing special elements in file names. This extra space, which can be difficult for a user to notice, affects which default application is used to operate on the file and can be leveraged by the adversary to control execution.
Informations du CAPEC
Conditions préalables
The use of the file must be controlled by the file extension.Atténuations
File extensions should be checked to see if non-visible characters are being included.Faiblesses connexes
| Nom de la faiblesse | |
|---|---|
CWE-46 |
Path Equivalence: 'filename ' (Trailing Space) The product accepts path input in the form of trailing space ('filedir ') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
Soumission
| Nom | Organisation | Date | Date de publication |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
| CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings |
