CVE-2004-2747

Sažetak

Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary files via a .. (dot dot) in the DEL command, which triggers different error messages depending on whether the file exists or not.

Reference

http://secunia.com/advisories/10661
http://www.osvdb.org/3574
http://www.securityfocus.com/archive/1/350224/30/21640/threaded
http://www.securityfocus.com/bid/9443
http://www.securitytracker.com/id?1008756

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

19-10-2018 - 15:30

Objavljeno

31-12-2004 - 05:00