Path Traversal definition in Cybersecurity
Path Traversal attacks exploit web application vulnerabilities that allow attackers to access directories and files stored outside the web root folder. By manipulating variables that reference files with dot-dot-slash (../) sequences, attackers can read, modify, or execute files on the server that they are not supposed to access.
Notable Incidents
- Apache Tomcat Path Traversal and Code Execution - Attackers exploited a path traversal vulnerability in Apache Tomcat to execute arbitrary code.
- CVE-2020-8816 Pi-hole Remote Code Execution - A vulnerability allowing remote attackers to execute arbitrary code via the web interface.
How to Protect Your Network against Path Traversal
- Implement input validation to reject suspicious or unexpected input.
- Use proper security controls and access permissions for files and directories.