Cases

Grounded exploit-path cases.

These pages make specific public cases legible as composed paths: what changed, what became reachable, what boundary mattered, and what qualifiers made the route survive.

How To Use These

Read the path first

Start with the route itself, not the weakness label. The case page is trying to show what became reachable and why.

Use qualifiers seriously

The strongest outcome is often conditional. Configuration, execution surfaces, and trust boundaries decide whether the route stays weak or becomes much stronger.

Map back to the library

Each case uses the same language as the public library, so the examples strengthen the model instead of creating a second vocabulary.

Grounded case

Apache HTTP Server: path traversal to execution

A path traversal and disclosure route became much stronger when CGI execution surfaces were exposed. This is the clearest public anchor for why the weakness label is not the whole story.

Strongest primitive

Reference control

Strongest outcome

Execution when the exposed route reaches a CGI surface

Grounded case

Apache APISIX: route bypass and sphere crossing

Path normalization and route construction changed which protected routes became reachable. This is a strong public example of trust-boundary movement happening through routing logic rather than dramatic exploit chains.

Strongest primitive

Reference control

Strongest outcome

Protected route access and cross-sphere movement

Grounded case

Apache Struts: input to execution

Attacker-controlled request data became code-like behavior. This case broadens the first case set beyond path and route control and shows direct execution influence clearly.

Strongest primitive

Execution influence

Strongest outcome

Remote code execution

Grounded case

Apache Sling: path traversal to execution

A path traversal route in the Servlet Resolver could be turned into malicious code execution in vulnerable configurations. This case reinforces how environment and resolver behavior decide whether a route stays modest or becomes much stronger.

Strongest primitive

Reference control

Strongest outcome

Code execution in vulnerable configurations

Grounded case

Dirty COW: state window to privilege gain

A race condition created a narrow state window that could be used to gain administrative privileges. This is the clearest grounded case for sequencing and timing manipulation in the current project.

Strongest primitive

Sequencing manipulation

Strongest outcome

Administrative privilege gain

Current scope

The first wave focuses on the clearest public teaching cases.

These pages are relationship-centered by design. Their job is to make exploit paths legible, not to mirror every field a future CVE detail page might carry.

Route placement

The first case pages live under the reference surface.

That keeps the first implementation close to the library and thesis until the case-page pattern is stable enough to stand as a larger public surface.