Описание
WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:texas_imperial_software:wftpd:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:texas_imperial_software:wftpd:2.4.1_rc11:*:*:*:*:*:*:*
cpe:2.3:a:texas_imperial_software:wftpd:2.4.1_rc12:*:*:*:*:*:*:*
cpe:2.3:a:texas_imperial_software:wftpd:2.34:*:*:*:*:*:*:*
cpe:2.3:a:texas_imperial_software:wftpd:2.40:*:*:*:*:*:*:*
cpe:2.3:a:texas_imperial_software:wftpd_pro:2.41_rc12:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.0073
Низкий
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
почти 4 года назад
WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.
EPSS
Процентиль: 72%
0.0073
Низкий
5 Medium
CVSS2
Дефекты
CWE-200