CVE-2004-2487

Sažetak

Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via (1) "..", (2) "\..\" (backslash dot dot), or (3) "/../" sequences in (a) RETR (get), (b) NLST (ls), (c) LIST (ls), (d) RNFR, or (e) RNTO FTP commands.

Reference

http://secunia.com/advisories/11216
http://www.nexgenserver.com/cgi-bin/loadframe2.cgi?/History.html
http://www.osvdb.org/4557
http://www.securityfocus.com/bid/9970
http://www.securitytracker.com/alerts/2004/Mar/1009545.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/15594

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:31

Objavljeno

31-12-2004 - 05:00