Path Traversal (Directory Traversal) — Accessing Files Outside Intended Directories
Path Traversal, also known as Directory Traversal, is a vulnerability that allows attackers to access files and directories outside the intended application root. This SECMONS glossary entry explains how path traversal works, its impact, and how defenders should prevent and detect it.
What Is Path Traversal? 🧠
Path Traversal, also known as Directory Traversal, is a vulnerability that allows attackers to access files outside the intended directory structure of an application.
It is formally classified as CWE-22 — Improper Limitation of a Pathname to a Restricted Directory under the CWE taxonomy.
When publicly disclosed, path traversal vulnerabilities receive a CVE identifier and are scored using CVSS.
How Path Traversal Works 🔎
Path traversal typically occurs when an application:
- Accepts user-supplied file paths.
- Concatenates them directly into file system operations.
- Fails to properly validate or restrict directory access.
Attackers may insert sequences such as `../` into the supplied path. Each `../` instructs the file system to move up one directory level.
By chaining such sequences, attackers may access sensitive files outside the intended application directory.
What Attackers Can Access 🎯
Successful exploitation may allow access to:
- Configuration files
- Database credentials
- System password files
- Application source code
- Private keys
- Backup files
In some cases, path traversal can escalate into:
- File write operations
- Remote code execution
- Persistence mechanisms
These outcomes may intersect with:
Path Traversal vs Other File-Based Vulnerabilities 🔄
| Vulnerability | Core Issue |
|---|---|
| Path Traversal | Accessing unintended directories |
| File Inclusion | Including unintended files in execution |
| Command Injection | Executing OS commands |
| SQL Injection | Manipulating database queries |
While path traversal often begins as information disclosure, impact depends on file permissions and environment configuration.
Real-World Context 🔬
Path traversal vulnerabilities frequently appear in:
- Web applications
- File download endpoints
- Archive extraction tools
- Backup utilities
- API file retrieval functions
If confirmed as exploited in the wild or listed in the Known Exploited Vulnerabilities (KEV) catalog, remediation urgency increases significantly.
Defensive Considerations 🛡️
Mitigation strategies include:
- Strict input validation
- Canonical path resolution
- Whitelisting allowed directories
- Enforcing least privilege file permissions
- Avoiding direct concatenation of user input into file paths
- Logging abnormal file access attempts
Operational hardening guidance for file access controls is typically documented under:
Why SECMONS Includes Path Traversal Clearly 📌
Path traversal vulnerabilities may appear simple, but they can expose sensitive infrastructure details or credentials that enable deeper compromise.
Understanding how directory restrictions fail helps defenders assess exposure accurately.
Authoritative References 📎
- MITRE CWE-22 Entry: https://cwe.mitre.org/data/definitions/22.html
- OWASP Path Traversal Overview: https://owasp.org/