Description
Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via (1) "..", (2) "\..\" (backslash dot dot), or (3) "/../" sequences in (a) RETR (get), (b) NLST (ls), (c) LIST (ls), (d) RNFR, or (e) RNTO FTP commands.
References
- Vendor Advisory
- URL Repurposed
- Exploit
- Patch
- Exploit
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:nexgen:nexgen_ftp_server:1.0:*:*:*:*:*:*:*
cpe:2.3:a:nexgen:nexgen_ftp_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:nexgen:nexgen_ftp_server:2.1:*:*:*:*:*:*:*
cpe:2.3:a:nexgen:nexgen_ftp_server:2.2:*:*:*:*:*:*:*
EPSS
Percentile: 89%
0.04312
Low
4 Medium
CVSS2
Weaknesses
NVD-CWE-Other
Related vulnerabilities
github
almost 4 years ago
Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via (1) "..", (2) "\..\" (backslash dot dot), or (3) "/../" sequences in (a) RETR (get), (b) NLST (ls), (c) LIST (ls), (d) RNFR, or (e) RNTO FTP commands.
EPSS
Percentile: 89%
0.04312
Low
4 Medium
CVSS2
Weaknesses
NVD-CWE-Other