DEPRECATED: Pathname Traversal and Equivalence Errors
CVE-2016-1505
Summary
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.
- LOW
- NETWORK
- HIGH
- CHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-21 - DEPRECATED: Pathname Traversal and Equivalence Errors
This category has been deprecated. It was originally used for organizing weaknesses involving file names, which enabled access to files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence). Consider using either the File Handling Issues category (CWE-1219) or the class Use of Incorrectly-Resolved Name or Reference (CWE-706).
References
Advisory Timeline
- Published