SYM_JAVA_0060 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Property | Value |
---|---|
Language | java |
Severity | |
CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
OWASP | A5:2017 - Broken Access Control |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | High |
Description
The application uses user-supplied input (for example a request parameter, path segment or uploaded file name) to build a file system path without validating it. An attacker can insert traversal sequences such as '../' (including URL-encoded forms that the server decodes before use) or supply an absolute path, so the resulting path points outside the intended directory. This typically occurs when file read, write or delete operations are driven by data taken from HTTP requests and joined to a base directory with string concatenation or `File`/`Path` resolution and no containment check.
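The following is an added illustration written for this entry, not code taken from any project the database describes. It places the vulnerable pattern (joining a request-controlled name to a base directory with no check) beside a hardened resolver that normalizes the path, rejects absolute inputs, verifies containment with `Path.startsWith` (a component-wise check, so `/srv/files2` does not pass for base `/srv/files`), and re-checks after following symbolic links. The class name, method names and the sample inputs in `main` are assumptions made for the demonstration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class PathTraversalDemo {

    // VULNERABLE: the user-controlled name is joined to the base directory as-is.
    // "../" segments walk out of baseDir, and an absolute input replaces it entirely,
    // because Path.resolve() returns the argument unchanged when it is absolute.
    static Path vulnerableResolve(Path baseDir, String userPath) {
        return baseDir.resolve(userPath);
    }

    // HARDENED: resolve against the base, collapse "." and ".." with normalize(),
    // then confirm the result is still inside the base directory.
    static Path safeResolve(Path baseDir, String userPath) throws IOException {
        if (userPath == null || userPath.isEmpty()) {
            throw new IllegalArgumentException("empty path");
        }
        Path base = baseDir.toAbsolutePath().normalize();
        // Paths.get() rejects embedded NUL bytes on Unix with InvalidPathException.
        Path requested = Paths.get(userPath);
        if (requested.isAbsolute()) {
            throw new SecurityException("absolute paths are not allowed: " + userPath);
        }
        Path resolved = base.resolve(requested).normalize();
        // startsWith compares whole path components, not string prefixes.
        if (!resolved.startsWith(base)) {
            throw new SecurityException("path escapes base directory: " + userPath);
        }
        // If the target exists, follow symlinks and check again so a link placed
        // inside the base directory cannot point at a file outside it.
        if (Files.exists(resolved)) {
            Path real = resolved.toRealPath();
            if (!real.startsWith(base.toRealPath())) {
                throw new SecurityException("symlink escapes base directory: " + userPath);
            }
            return real;
        }
        return resolved;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sandbox: a temporary directory holding one legitimate file.
        Path base = Files.createTempDirectory("uploads");
        Files.writeString(base.resolve("report.txt"), "quarterly numbers");

        // Constructed sample inputs: one valid name followed by traversal attempts
        // of the kind that would arrive (already URL-decoded) in a request parameter.
        String[] inputs = {
            "report.txt",
            "../../../../../../etc/passwd",
            "sub/../../../../../../etc/passwd",
            "/etc/passwd",
        };
        for (String in : inputs) {
            System.out.println("input: " + in);
            System.out.println("  vulnerable -> " + vulnerableResolve(base, in).normalize());
            try {
                System.out.println("  hardened   -> " + safeResolve(base, in));
            } catch (SecurityException e) {
                System.out.println("  hardened   -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Running `main` shows the vulnerable resolver producing `/etc/passwd` for the last three inputs while the hardened resolver accepts only `report.txt`. The check must be applied to the decoded value actually handed to the file API; validating the raw URL string and decoding afterwards reopens the hole.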
Impact
If exploited, an attacker can read files outside the intended directory (configuration files, credentials, source code, other users' data) and, where the affected operation writes or deletes, modify or overwrite arbitrary files the application process can reach. Depending on what is readable or writable, this can lead to disclosure of confidential data, loss of integrity, denial of service, or complete server compromise (for example by overwriting an executed script or deployment descriptor).