CVE-2001-1109 - Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal dire

CVE-2001-1109

Summary

Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands.

References

http://www.securityfocus.com/archive/1/213647
http://www.securityfocus.com/bid/3331
http://www.securityfocus.com/bid/3333
http://www.eftp.org/releasehistory.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7114
https://exchange.xforce.ibmcloud.com/vulnerabilities/7113

Vulnerable Configurations

cpe:2.3:a:khamil_landross_and_zack_jones:eftp:2.0.7.337:*:*:*:*:*:*:*
cpe:2.3:a:khamil_landross_and_zack_jones:eftp:2.0.7.337:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	3331 3333
bugtraq	20010912 EFTP Version 2.0.7.337 vulnerabilities
misc	http://www.eftp.org/releasehistory.html
xf	eftp-list-directory-traversal(7113) eftp-quote-reveal-information(7114)

Last major update

14-02-2024 - 01:17

Published

12-09-2001 - 04:00

Last modified

14-02-2024 - 01:17