CVE-2011-4800

Sažetak

Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html
http://secunia.com/advisories/47021
http://www.exploit-db.com/exploits/18182
http://www.serv-u.com/releasenotes/

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

28-07-2020 - 14:51

Objavljeno

14-12-2011 - 00:55