DETECTION OVERVIEW

Unusual HTTP Path Traversal Activity

Risk Factors

Path traversal attempts are relatively easy to perform with attack tools. Most operating systems block unauthorized access to valuable files. However, when a path traversal attempt is paired with other vulnerabilities, an attacker might be able to run arbitrary code, steal credentials, or steal sensitive information.

The system might change the risk score for this detection.

Kill Chain

Exploitation

Risk Score

Attack Background

Path traversal is a technique that exploits web application vulnerabilities, enabling attackers to access restricted files or directories outside of a web root folder. First, the attacker constructs a URI that includes a file name and a sequence of characters in the file path, such as .. or ../ (..%2F when encoded in HTML). These character sequences instruct the server to retrieve the file from a parent directory. Next, the attacker submits the modified URI within an HTTP request to the web application. If there is insufficient input validation or access controls, the application traverses up the directory to retrieve the file and deliver it to the attacker.

Mitigation Options

Enforce input validation
Normalize characters within URI requests for files or directories
Review access controls to ensure that only necessary users can connect to important directories

Professional Services

Partners

Partner Login

Partner Finder

View All Use Cases

View All Industries

View All Integrations

Attack Background

Mitigation Options

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use cases