CAPEC-649

Adding a Space to a File Extension
Low
Medium
Draft
2018-05-31
00:00 +00:00
2020-07-30
00:00 +00:00

CAPEC Descriptions

An adversary adds a space character to the end of a file extension and takes advantage of an application that does not properly neutralize trailing special elements in file names. This extra space, which can be difficult for a user to notice, affects which default application is used to operate on the file and can be leveraged by the adversary to control execution.

CAPEC Information

Prerequisites

The use of the file must be controlled by the file extension.

Mitigations

File extensions should be checked to see if non-visible characters are being included.
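
One way to implement this check, as an added example that is not part of the CAPEC entry: it flags a trailing space and, going beyond the single case described above, other non-visible Unicode characters in or after the extension. The function names and the sample file names are assumptions constructed for illustration.

```python
import unicodedata

# Unicode general categories that render as blank space or as nothing:
# Zs/Zl/Zp are separators (space, no-break space), Cc are control
# characters, Cf are format characters (zero-width space and similar).
NON_VISIBLE = {"Zs", "Zl", "Zp", "Cc", "Cf"}


def is_non_visible(ch):
    return unicodedata.category(ch) in NON_VISIBLE


def audit_filename(filename):
    """Return (raw_ext, visible_ext, findings) for a bare file name.

    raw_ext is everything after the last dot, which is what extension-based
    dispatch compares; visible_ext is what a person reading the name sees.
    findings holds (index, code point, Unicode name) per flagged character.
    """
    dot = filename.rfind(".")
    ext_start = dot + 1 if dot != -1 else len(filename)
    # Index just past the last visible character, to catch a trailing run
    # even when the name has no dot at all (CWE-46, 'filename ').
    visible_end = len(filename)
    while visible_end and is_non_visible(filename[visible_end - 1]):
        visible_end -= 1

    findings = []
    for i, ch in enumerate(filename):
        if not is_non_visible(ch):
            continue
        # An ordinary space inside the stem ("my report.pdf") is legitimate.
        if ch == " " and i < ext_start and i < visible_end:
            continue
        findings.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED")))

    raw_ext = filename[ext_start:]
    visible_ext = "".join(c for c in raw_ext if not is_non_visible(c))
    return raw_ext, visible_ext, findings


if __name__ == "__main__":
    # Constructed sample names, not taken from the CAPEC entry.
    samples = ["my report.pdf", "notes.txt ", "photo.jpg\u00a0", "setup.ex\u200be", "README "]
    for name in samples:
        raw, seen, found = audit_filename(name)
        verdict = "REJECT" if found else "ok"
        print(f"{name!r:22} raw={raw!r:12} seen={seen!r:8} {verdict} {found}")
```

A name with any finding is best rejected or renamed at upload or ingest time, before anything dispatches on its extension.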

Related Weaknesses

CWE-ID Weakness Name

CWE-46

Path Equivalence: 'filename ' (Trailing Space)
The product accepts path input in the form of trailing space ('filedir ') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Submission

Name Organization Date Release Date
CAPEC Content Team The MITRE Corporation 2018-05-31 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Taxonomy_Mappings