CVE-2005-1485 - Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive information via a GET request

CVE-2005-1485

Summary

Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive information via a GET request for a file that does not exist, which reveals the absolute path of the FTP server in the resulting FTP error message.

References

http://marc.info/?l=bugtraq&m=111530871716145&w=2
http://secunia.com/advisories/15175/
https://exchange.xforce.ibmcloud.com/vulnerabilities/20674

Vulnerable Configurations

cpe:2.3:a:kmint21_software:golden_ftp_server:2.52:*:*:*:*:*:*:*
cpe:2.3:a:kmint21_software:golden_ftp_server:2.52:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20050504 Golden Ftp Server Pro - Directory Traversal Vuln
secunia	15175
xf	goldenftp-information-disclosure(20674)

Last major update

11-07-2017 - 01:32

Published

11-05-2005 - 04:00

Last modified

11-07-2017 - 01:32