DEPRECATED: Pathname Traversal and Equivalence Errors

CVE-2016-1505

High

10/10

Summary

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-21 - DEPRECATED: Pathname Traversal and Equivalence Errors

This category has been deprecated. It was originally used for organizing weaknesses involving file names, which enabled access to files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence). Consider using either the File Handling Issues category (CWE-1219) or the class Use of Incorrectly-Resolved Name or Reference (CWE-706).

References

Mail Thread
Pull request
Release Note

Advisory Timeline

Published Feb 03, 2016

DEPRECATED: Pathname Traversal and Equivalence Errors

CVE-2016-1505

Summary

CWE-21 - DEPRECATED: Pathname Traversal and Equivalence Errors

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS