Описание
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11
Ссылки
- PatchThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.11 (исключая)
cpe:2.3:a:troglobit:uftpd:*:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01487
Низкий
6.5 Medium
CVSS3
7.2 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-22
CWE-22
Связанные уязвимости
github
больше 3 лет назад
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11
EPSS
Процентиль: 81%
0.01487
Низкий
6.5 Medium
CVSS3
7.2 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-22
CWE-22