Описание
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (....) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date.
Ссылки
- ProductVendor Advisory
- Third Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ProductVendor Advisory
- Third Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:coreftp:core_ftp:2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.29681
Средний
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date.
EPSS
Процентиль: 96%
0.29681
Средний
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22