Описание
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
Ссылки
- PatchVendor Advisory
- PatchThird Party AdvisoryUS Government Resource
- PatchThird Party AdvisoryUS Government Resource
- PatchVendor Advisory
- ExploitPatchVendor Advisory
- PatchVendor Advisory
- PatchThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:david_madore:ftpd-bsd:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:david_madore:ftpd-bsd:0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.59987
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
redhat
почти 25 лет назад
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
github
почти 4 года назад
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
EPSS
Процентиль: 98%
0.59987
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other