热门标签
热门文章
- 1openai接口调用-如何接入openai获取 api key_获取 openai key
- 2嵌入式软件开发工程师就业发展前景怎么样?
- 3禁用el-tabs组件自带的键盘切换功能_element-plus 禁止键盘上下左右
- 4机器视觉三维点云分析系统3DPCAgent_3d点云数据测量系统架构
- 5ggplot 图像的保存_error in usemethod("grid.draw") : no applicable me
- 6120款超浪漫❤HTML5七夕情人节表白网页源码❤ HTML+CSS+JavaScript_浪漫网页
- 7Pytorch下查看各层名字及根据layers的name冻结层进行finetune训练;_model = net().cuda() for name, param in model.name
- 8《Python从入门到实践》外星人入侵学习笔记_python外星人入侵 求助 不按play键 一直处于活动状态
- 9Dump分析模式1: Multiple Exceptions(多线程异常)_multipe exceptions
- 10PyQtChart进行柱状图、饼图的基本设置_pyqt5 炫酷饼状图
当前位置: article > 正文
网络安全风向标_nginx improper limitation of a pathname to a restr
作者:你好赵伟 | 2024-02-25 22:51:10
赞
踩
nginx improper limitation of a pathname to a restricted directory
CWE Top 25
https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html
| Rank | ID | Name | Score | 2020 Rank Change |
|---|---|---|---|---|
| [1] | CWE-787 | Out-of-bounds Write | 65.93 | +1 |
| [2] | CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 46.84 | -1 |
| [3] | CWE-125 | Out-of-bounds Read | 24.9 | +1 |
| [4] | CWE-20 | Improper Input Validation | 20.47 | -1 |
| [5] | CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 19.55 | +5 |
| [6] | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 19.54 | 0 |
| [7] | CWE-416 | Use After Free | 16.83 | +1 |
| [8] | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 14.69 | +4 |
| [9] | CWE-352 | Cross-Site Request Forgery (CSRF) | 14.46 | 0 |
| [10] | CWE-434 | Unrestricted Upload of File with Dangerous Type | 8.45 | +5 |
| [11] | CWE-306 | Missing Authentication for Critical Function | 7.93 | +13 |
| [12] | CWE-190 | Integer Overflow or Wraparound | 7.12 | -1 |
| [13] | CWE-502 | Deserialization of Untrusted Data | 6.71 | +8 |
| [14] | CWE-287 | Improper Authentication | 6.58 | 0 |
| [15] | CWE-476 | NULL Pointer Dereference | 6.54 | -2 |
| [16] | CWE-798 | Use of Hard-coded Credentials | 6.27 | +4 |
| [17] | CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | 5.84 | -12 |
| [18] | CWE-862 | Missing Authorization | 5.47 | +7 |
| [19] | CWE-276 | Incorrect Default Permissions | 5.09 | +22 |
| [20] | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 4.74 | -13 |
| [21] | CWE-522 | Insufficiently Protected Credentials | 4.21 | -3 |
| [22] | CWE-732 | Incorrect Permission Assignment for Critical Resource | 4.2 | -6 |
| [23] | CWE-611 | Improper Restriction of XML External Entity Reference | 4.02 | -4 |
| [24] | CWE-918 | Server-Side Request Forgery (SSRF) | 3.78 | +3 |
| [25] | CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | 3.58 | +6 |
OWASP Top 10
https://owasp.org/www-project-top-ten/
推荐阅读
![成功解决:nginx: [emerg] unexpected “}“ in /etc/nginx/c](https://img-blog.csdnimg.cn/10b43412bc5347839223b18747cccd3c.png?x-oss-process=image/resize,m_fixed,h_300,image/format,png)
相关标签
