Path Traversal

What is this vulnerability?

Path Traversal vulnerabilities happen when an application fails to normalize a path before using it, which allows traversal to unintended folders and files. In the Apache HTTP Server, a new path normalization function introduced in 2.4.48 did not correctly normalize encoded paths.

Where does this vulnerability usually arise?

Whenever you handle filenames or paths, you run the risk of Path Traversal if you do not properly normalize the path. Normalize with a trusted function from the language or framework that you use, since these functions take into account the different types of patterns that can lead to a Path Traversal vulnerability.
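
The difference between filtering a raw path and normalizing it with a trusted function, shown as an added Python example that is not part of the original page. The document root /srv/app/static, the function names and the request paths are assumptions constructed for illustration.

```python
import os
from urllib.parse import unquote

# Hypothetical document root; realpath() canonicalizes it once up front.
BASE_DIR = os.path.realpath("/srv/app/static")

def naive_resolve(url_path):
    """Flawed: filters the raw string, so encoded dot segments slip through."""
    if "../" in url_path:
        return None
    # Decoding happens after the check, so "%2e%2e/" becomes "../" here.
    return os.path.join(BASE_DIR, unquote(url_path).lstrip("/"))

def safe_resolve(url_path):
    """Decode once, canonicalize with the standard library, then verify
    that the result is still inside BASE_DIR."""
    decoded = unquote(url_path)
    if "\x00" in decoded:  # NUL bytes are never valid in a path
        return None
    # realpath() collapses "." and ".." and resolves symlinks.
    candidate = os.path.realpath(os.path.join(BASE_DIR, decoded.lstrip("/")))
    # commonpath() compares whole components, so a sibling such as
    # "/srv/app/static-old" is not mistaken for a child of BASE_DIR.
    if os.path.commonpath([BASE_DIR, candidate]) != BASE_DIR:
        return None
    return candidate

if __name__ == "__main__":
    # Constructed sample request paths
    for p in ["/css/site.css", "/%2e%2e/%2e%2e/secret.txt", "/../static-old/x"]:
        print(p, "naive:", naive_resolve(p), "safe:", safe_resolve(p))
```

The containment check runs on the canonical path, after decoding, which is the ordering the naive version gets wrong.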

