The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have now issued an alert about the problem of directory traversal flaws, responding to recent incidents targeting healthcare organizations.
CISA said there were 55 directory traversal vulnerabilities listed in its Known Exploited Vulnerabilities (KEV) catalog, with examples like CVE-2024-1708 in ConnectWise ScreenConnect and CVE-2024-20345 in Cisco AppDynamics Controller.
Software companies are urged to test for similar flaws and implement mitigations, ensuring their products are secure against vulnerabilities like directory traversal. Prevention involves building security into products from the beginning.