CISA urges software devs to weed out path traversal vulnerabilities (Security News, May 2024)

CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping.
Attackers can exploit path traversal vulnerabilities to create or overwrite critical files used to execute code or bypass security mechanisms like authentication.
"Vulnerabilities like directory traversal have been called 'unforgivable' since at least 2007. Despite this finding, directory traversal vulnerabilities are still prevalent classes of vulnerability."
Path traversal vulnerabilities took the eighth spot in MITRE's top 25 most dangerous software weaknesses, surpassed by out-of-bounds write, cross-site scripting, SQL injection, use-after-free, OS command injection, and out-of-bounds read flaws.
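An added illustration, not code from the CISA alert or this article, of the defect class the alert describes and the containment check that removes it; the base directory and file names are constructed for the demonstration:

```python
# Added example (not from the CISA alert or the article): resolving a
# user-supplied file name under a fixed base directory while rejecting
# path traversal. Base directory and inputs are constructed sample values.
from pathlib import Path
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a requested path would escape the allowed base directory."""


def unsafe_resolve(base_dir: str, user_path: str) -> Path:
    """The vulnerable pattern: join the input and never check containment.
    '../../etc/passwd' simply walks out of base_dir."""
    return Path(base_dir) / user_path


def safe_resolve(base_dir: str, user_path: str) -> Path:
    """Resolve user_path inside base_dir and refuse anything that escapes it.

    - percent-decodes first, so '%2e%2e/' is checked as '../'
    - rejects absolute input (Path('/a') / '/etc/passwd' == '/etc/passwd')
      and embedded NUL bytes, which some lower layers truncate on
    - resolves symlinks and '..' before comparing, so the check sees the
      real target rather than the textual path
    """
    decoded = unquote(user_path)
    if Path(decoded).is_absolute() or "\x00" in decoded:
        raise PathTraversalError(f"rejected absolute or NUL-containing path: {user_path!r}")
    base = Path(base_dir).resolve()
    target = (base / decoded).resolve()
    if not target.is_relative_to(base):  # requires Python 3.9+
        raise PathTraversalError(f"path escapes {base}: {user_path!r}")
    return target


def is_allowed(base_dir: str, user_path: str) -> bool:
    """True only when safe_resolve accepts the path; used for quick checks."""
    try:
        safe_resolve(base_dir, user_path)
    except PathTraversalError:
        return False
    return True
```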
In March, CISA and the FBI issued another "Secure by Design" alert urging executives of software manufacturing companies to implement mitigations to prevent SQL injection security vulnerabilities.