CVE-2005-1244

Опубликовано: 20 апр. 2005

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable.

Ссылки

http://securitytracker.com/id?1013810
Exploit
Vendor Advisory
http://www.osvdb.org/15791
http://www.securityfocus.com/archive/1/396628
Exploit
http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/20260
http://securitytracker.com/id?1013810
Exploit
Vendor Advisory
http://www.osvdb.org/15791
http://www.securityfocus.com/archive/1/396628
Exploit
http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/20260

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:netiq:pssecure:7.5:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00654

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-g47h-wpv4-rfwf

github

почти 4 года назад

** DISPUTED ** Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable."