All the vulnerabilities related to SolarWinds - Serv-U File Server
var-200810-0277
Vulnerability from variot
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command. Serv-U is prone to a directory traversal vulnerability.
TITLE: Serv-U File Renaming Directory Traversal and STOU Denial of Service
SECUNIA ADVISORY ID: SA32150
VERIFY ADVISORY: http://secunia.com/advisories/32150/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE:
From remote
SOFTWARE: Serv-U File Server 7.x http://secunia.com/advisories/product/19573/
DESCRIPTION: dmnt has discovered two vulnerabilities in Serv-U, which can be exploited by malicious users to cause a DoS (Denial of Service) or compromise a vulnerable system.
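1) An error in the handling of the "STOU" FTP command can be exploited to exhaust available CPU resources via a specially crafted argument (e.g. "CON:1"). [Item 2 is missing from this copy of the advisory; going by the advisory title and the summary above, it is the directory traversal in file renaming (the RNTO command).]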
The vulnerabilities are confirmed in version 7.3.0.0. Other versions may also be affected.
SOLUTION: Restrict access to the FTP service.
PROVIDED AND/OR DISCOVERED BY: dmnt
ORIGINAL ADVISORY: http://milw0rm.com/exploits/6660 http://milw0rm.com/exploits/6661
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200810-0277", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": 
"solarwinds", "version": "7.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.2" }, { "model": "serv-u ftp server", "scope": "eq", "trust": 0.8, "vendor": "rhino", "version": "7.0.0.1 to 7.2.0.1 including 7.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.2.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.2.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.4" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.3.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.3.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.3.0.2" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.1.0.2" 
}, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.1.0.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-006296" }, { "db": "CNNVD", "id": "CNNVD-200810-127" }, { "db": "NVD", "id": "CVE-2008-4501" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:serv-u:serv-u", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-006296" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "84767" } ], "trust": 0.3 }, "cve": "CVE-2008-4501", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "CVE-2008-4501", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": 
"HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2008-4501", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2008-4501", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-200810-127", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-006296" }, { "db": "CNNVD", "id": "CNNVD-200810-127" }, { "db": "NVD", "id": "CVE-2008-4501" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\\ (dot dot backslash) in the RNTO command. Serv-U is prone to a directory traversal vulnerability. ----------------------------------------------------------------------\n\nDo you need accurate and reliable IDS / IPS / AV detection rules?\n\nGet in-depth vulnerability details:\nhttp://secunia.com/binary_analysis/sample_analysis/\n\n----------------------------------------------------------------------\n\nTITLE:\nServ-U File Renaming Directory Traversal and STOU Denial of Service\n\nSECUNIA ADVISORY ID:\nSA32150\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/32150/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nServ-U File Server 7.x\nhttp://secunia.com/advisories/product/19573/\n\nDESCRIPTION:\ndmnt has discovered two vulnerabilities in Serv-U, which can be\nexploited by malicious users to cause a DoS (Denial of Service) or\ncompromise a vulnerable system. \n\n1) An error in the handling of the \"STOU\" FTP command can be\nexploited to exhaust available CPU resources via a specially crafted\nargument (e.g. \"CON:1\"). 
\n\nThe vulnerabilities are confirmed in version 7.3.0.0. Other versions\nmay also be affected. \n\nSOLUTION:\nRestrict access to the FTP service. \n\nPROVIDED AND/OR DISCOVERED BY:\ndmnt\n\nORIGINAL ADVISORY:\nhttp://milw0rm.com/exploits/6660\nhttp://milw0rm.com/exploits/6661\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2008-4501" }, { "db": "JVNDB", "id": "JVNDB-2008-006296" }, { "db": "BID", "id": "84767" }, { "db": "PACKETSTORM", "id": "70630" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-4501", "trust": 2.7 }, { "db": "EXPLOIT-DB", "id": "6661", "trust": 2.0 }, { "db": "SREASON", "id": "4378", "trust": 1.9 }, { "db": "SECUNIA", "id": "32150", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2008-2746", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2008-006296", "trust": 0.8 }, { "db": "CNNVD", 
"id": "CNNVD-200810-127", "trust": 0.6 }, { "db": "BID", "id": "84767", "trust": 0.3 }, { "db": "EXPLOIT-DB", "id": "6660", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "70630", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "84767" }, { "db": "JVNDB", "id": "JVNDB-2008-006296" }, { "db": "PACKETSTORM", "id": "70630" }, { "db": "CNNVD", "id": "CNNVD-200810-127" }, { "db": "NVD", "id": "CVE-2008-4501" } ] }, "id": "VAR-200810-0277", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T23:00:09.355000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.serv-u.com/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-006296" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-006296" }, { "db": "NVD", "id": "CVE-2008-4501" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://securityreason.com/securityalert/4378" }, { "trust": 1.6, "url": "https://www.exploit-db.com/exploits/6661" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2008/2746" }, { "trust": 1.6, "url": 
"http://secunia.com/advisories/32150" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4501" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4501" }, { "trust": 0.3, "url": "http://www.milw0rm.com/exploits/6661" }, { "trust": 0.1, "url": "http://milw0rm.com/exploits/6660" }, { "trust": 0.1, "url": "http://secunia.com/binary_analysis/sample_analysis/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/32150/" }, { "trust": 0.1, "url": "http://milw0rm.com/exploits/6661" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/19573/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "BID", "id": "84767" }, { "db": "JVNDB", "id": "JVNDB-2008-006296" }, { "db": "PACKETSTORM", "id": "70630" }, { "db": "CNNVD", "id": "CNNVD-200810-127" }, { "db": "NVD", "id": "CVE-2008-4501" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "84767" }, { "db": "JVNDB", "id": "JVNDB-2008-006296" }, { "db": "PACKETSTORM", "id": "70630" }, { "db": "CNNVD", "id": "CNNVD-200810-127" }, { "db": "NVD", "id": "CVE-2008-4501" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-10-08T00:00:00", "db": "BID", "id": "84767" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-006296" }, { "date": "2008-10-06T22:35:25", "db": "PACKETSTORM", "id": "70630" }, { "date": "2008-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-200810-127" }, { "date": "2008-10-09T00:00:01.213000", "db": "NVD", "id": "CVE-2008-4501" } ] }, "sources_update_date": 
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-10-08T00:00:00", "db": "BID", "id": "84767" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-006296" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200810-127" }, { "date": "2024-11-21T00:51:49.993000", "db": "NVD", "id": "CVE-2008-4501" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200810-127" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Serv-U of FTP Server traversal vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-006296" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-200810-127" } ], "trust": 0.6 } }
var-200911-0180
Vulnerability from variot
Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string. RhinoSoft Serv-U FTP Server is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Serv-U 9.0.0.5 is vulnerable; other versions may also be affected.
TITLE: RhinoSoft Serv-U Cookie Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA37228
VERIFY ADVISORY: http://secunia.com/advisories/37228/
DESCRIPTION: Nikolaos Rangos has discovered a vulnerability in Serv-U, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by a boundary error within the included HTTP server when processing certain cookies. This can be exploited to cause a stack-based buffer overflow by sending a malicious HTTP request containing a specially crafted cookie to the server.
The vulnerability is confirmed in version 9.0.0.5.
SOLUTION: Filter malicious requests using a proxy.
PROVIDED AND/OR DISCOVERED BY: Nikolaos Rangos, KC Security.
ORIGINAL ADVISORY: http://www.rangos.de/ServU-ADV.txt
{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.5" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.1.0.1" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.1" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.2.0.3" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.3" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.4" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.1" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.1" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.2" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.4.0.0" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.1.0.3" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.4" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.0.0.3" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.4.0.1" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.0.0.5" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", 
"version": "7.2.0.1" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.2" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.0" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.2.0.1" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.1.0.0" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.0" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.2.0.0" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.2" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.0" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.2" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.0.0.1" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.7" }, { "_id": null, "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.1" }, { "_id": null, "model": "serv-u ftp server", "scope": "eq", "trust": 0.8, "vendor": "rhino", "version": "7.0.0.1" }, { "_id": null, "model": "serv-u ftp server", "scope": "lt", "trust": 0.8, "vendor": "rhino", "version": "9.0.0.5 and 9.1.0.0" }, { "_id": null, "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "9.0.0.3" }, { "_id": null, "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "8.1.0.3" }, { "_id": null, "model": "serv-u", 
"scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "9.0.0.1" }, { "_id": null, "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "9.0.0.5" }, { "_id": null, "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "9.1.0.0" }, { "_id": null, "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "8.2.0.1" }, { "_id": null, "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "8.1.0.1" }, { "_id": null, "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "8.0.0.4" }, { "_id": null, "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "8.2.0.0" }, { "_id": null, "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "8.0.0.1" }, { "_id": null, "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "9.0.5" }, { "_id": null, "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "9.0.0.1" }, { "_id": null, "model": "software serv-u", "scope": "ne", "trust": 0.3, "vendor": "rhino", "version": "9.1.0.0" } ], "sources": [ { "db": "BID", "id": "37051" }, { "db": "JVNDB", "id": "JVNDB-2009-006477" }, { "db": "CNNVD", "id": "CNNVD-200911-216" }, { "db": "NVD", "id": "CVE-2009-4006" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:serv-u:serv-u", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-006477" } ] }, "credits": { "_id": null, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": "82525" }, { "db": "CNNVD", "id": "CNNVD-200911-216" } ], "trust": 0.7 }, "cve": "CVE-2009-4006", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, 
"confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2009-4006", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2009-4006", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2009-4006", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-200911-216", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-006477" }, { "db": "CNNVD", "id": "CNNVD-200911-216" }, { "db": "NVD", "id": "CVE-2009-4006" } ] }, "description": { "_id": null, "data": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string. RhinoSoft Serv-U FTP Server is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nServ-U 9.0.0.5 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. 
\n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nRhinoSoft Serv-U Cookie Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA37228\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/37228/\n\nDESCRIPTION:\nNikolas Rangos has discovered a vulnerability in Serv-U, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to a boundary error within the\nincluded HTTP server when processing certain cookies. This can be\nexploited to cause a stack-based buffer overflow by sending a\nmalicious HTTP request containing a specially crafted cookie to the\nserver. \n\nThe vulnerability is confirmed in version 9.0.0.5. \n\nSOLUTION:\nFilter malicious requests using a proxy. \n\nPROVIDED AND/OR DISCOVERED BY:\nNikolaos Rangos, KC Security. \n\nORIGINAL ADVISORY:\nhttp://www.rangos.de/ServU-ADV.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-4006" }, { "db": "JVNDB", "id": "JVNDB-2009-006477" }, { "db": "BID", "id": "37051" }, { "db": "PACKETSTORM", "id": "82525" } ], "trust": 1.98 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2009-4006", "trust": 2.4 }, { "db": "BID", "id": "37051", "trust": 1.9 }, { "db": "SECUNIA", "id": "37228", "trust": 1.7 }, { "db": "OSVDB", "id": "60427", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2009-3277", "trust": 1.6 }, { "db": "SECTRACK", "id": "1023199", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2009-006477", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200911-216", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "82525", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "37051" }, { "db": "JVNDB", "id": "JVNDB-2009-006477" }, { "db": "PACKETSTORM", "id": "82525" }, { "db": "CNNVD", "id": "CNNVD-200911-216" }, { "db": "NVD", "id": "CVE-2009-4006" } ] }, "id": "VAR-200911-0180", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T22:27:44.655000Z", "patch": { "_id": null, "data": [ { "title": "Serv-U FTP Server Release Notes", "trust": 0.8, "url": "http://www.serv-u.com/releasenotes/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-006477" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-006477" }, { "db": "NVD", "id": "CVE-2009-4006" } ] }, "references": { "_id": null, "data": [ { "trust": 1.6, "url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded" }, { "trust": 1.6, "url": 
"http://www.vupen.com/english/advisories/2009/3277" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id?1023199" }, { "trust": 1.6, "url": "http://secunia.com/advisories/37228" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322" }, { "trust": 1.6, "url": "http://www.osvdb.org/60427" }, { "trust": 1.6, "url": "http://www.serv-u.com/releasenotes/" }, { "trust": 1.6, "url": "http://secunia.com/secunia_research/2009-46/" }, { "trust": 1.6, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6142" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/37051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4006" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4006" }, { "trust": 0.3, "url": "http://www.serv-u.com/" }, { "trust": 0.3, "url": "/archive/1/507955" }, { "trust": 0.1, "url": "http://www.rangos.de/servu-adv.txt" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/37228/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "BID", "id": "37051" }, { "db": "JVNDB", "id": "JVNDB-2009-006477" }, { "db": "PACKETSTORM", "id": "82525" }, { "db": "CNNVD", "id": "CNNVD-200911-216" }, { "db": "NVD", "id": "CVE-2009-4006" } ] }, "sources": { "_id": null, "data": [ { "db": "BID", "id": "37051", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2009-006477", "ident": null }, { "db": "PACKETSTORM", "id": "82525", "ident": null }, { "db": "CNNVD", "id": "CNNVD-200911-216", "ident": null }, { "db": "NVD", "id": "CVE-2009-4006", "ident": null } ] }, "sources_release_date": { "_id": null, 
"data": [ { "date": "2009-11-18T00:00:00", "db": "BID", "id": "37051", "ident": null }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-006477", "ident": null }, { "date": "2009-11-06T13:23:17", "db": "PACKETSTORM", "id": "82525", "ident": null }, { "date": "2009-11-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200911-216", "ident": null }, { "date": "2009-11-20T11:30:00.297000", "db": "NVD", "id": "CVE-2009-4006", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2009-11-18T17:56:00", "db": "BID", "id": "37051", "ident": null }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-006477", "ident": null }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200911-216", "ident": null }, { "date": "2024-11-21T01:08:43.083000", "db": "NVD", "id": "CVE-2009-4006", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200911-216" } ], "trust": 0.6 }, "title": { "_id": null, "data": "RhinoSoft Serv-U FTP Server TEA Decoding algorithm stack-based buffer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-006477" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200911-216" } ], "trust": 0.6 } }
var-200411-0127
Vulnerability from variot
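Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command. A buffer error vulnerability exists in SolarWinds Serv-U File Server. The problem exists due to insufficient bounds checking. Ultimately an attacker may leverage this issue to have arbitrary instructions executed in the context of the SYSTEM user. Note that the CVSS v2 vector recorded below for this entry (AV:N/AC:L/Au:N/C:C/I:C/A:C) scores the flaw as needing no authentication, whereas this description limits it to authenticated users; read the 10.0 base score with that discrepancy in mind.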
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200411-0127", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.8, "vendor": "solarwinds", "version": "3.0.0.16" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.8, "vendor": "solarwinds", "version": "3.1.0.0" }, { "model": "serv-u file server", "scope": "eq", 
"trust": 1.8, "vendor": "solarwinds", "version": "3.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.8, "vendor": "solarwinds", "version": "3.0.0.17" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.8, "vendor": "solarwinds", "version": "4.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.8, "vendor": "solarwinds", "version": "3.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.8, "vendor": "solarwinds", "version": "4.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.8, "vendor": "solarwinds", "version": "4.1.0.0" }, { "model": "serv-u file server", "scope": "lte", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.0" }, { "model": "serv-u file server", "scope": "lte", "trust": 0.8, "vendor": "solarwinds", "version": "5.0.0.0 and earlier" }, { "model": "serv-u file server", "scope": "eq", "trust": 0.8, "vendor": "solarwinds", "version": null }, { "model": "serv-u file server", "scope": null, "trust": 0.8, "vendor": "solarwinds", "version": null }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.1.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.0.0.17" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "4.1.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.0.0.16" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "4.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.1.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.0.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "4.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": 
"5.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.2" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.1.0.11" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "3.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "3.0" }, { "model": "software serv-u", "scope": "ne", "trust": 0.3, "vendor": "rhino", "version": "5.0.0.9" }, { "model": "software serv-u", "scope": "ne", "trust": 0.3, "vendor": "rhino", "version": "5.0.0.6" }, { "model": "software serv-u", "scope": "ne", "trust": 0.3, "vendor": "rhino", "version": "5.0.0.4" } ], "sources": [ { "db": "BID", "id": "9751" }, { "db": "JVNDB", "id": "JVNDB-2004-000835" }, { "db": "CNNVD", "id": "CNNVD-200411-118" }, { "db": "NVD", "id": "CVE-2004-0330" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "bkbll bkbll@cnhonker.net", "sources": [ { "db": "CNNVD", "id": "CNNVD-200411-118" } ], "trust": 0.6 }, "cve": "CVE-2004-0330", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2004-0330", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2004-0330", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2004-0330", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-200411-118", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2004-000835" }, { "db": "CNNVD", "id": "CNNVD-200411-118" }, { "db": "NVD", "id": "CVE-2004-0330" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command. SolarWinds of Serv-U File Server Exists in a buffer error vulnerability.None. \nThe problem exists due to insufficient bounds checking. 
Ultimately an attacker may leverage this issue to have arbitrary instructions executed in the context of the SYSTEM user", "sources": [ { "db": "NVD", "id": "CVE-2004-0330" }, { "db": "JVNDB", "id": "JVNDB-2004-000835" }, { "db": "BID", "id": "9751" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2004-0330", "trust": 3.5 }, { "db": "BID", "id": "9751", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2004-000835", "trust": 0.8 }, { "db": "NSFOCUS", "id": "6078", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200411-118", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "9751" }, { "db": "JVNDB", "id": "JVNDB-2004-000835" }, { "db": "CNNVD", "id": "CNNVD-200411-118" }, { "db": "NVD", "id": "CVE-2004-0330" } ] }, "id": "VAR-200411-0127", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-08-14T14:59:24.952000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SolarWinds Serv-U File Server Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125157" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-200411-118" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", 
"trust": 1.0 }, { "problemtype": "Buffer error (CWE-119) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2004-000835" }, { "db": "NVD", "id": "CVE-2004-0330" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://marc.info/?l=bugtraq\u0026m=107781164214399\u0026w=2" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/9751" }, { "trust": 2.4, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15323" }, { "trust": 1.6, "url": "http://www.cnhonker.com/advisory/serv-u.mdtm.txt" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0330" }, { "trust": 0.6, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0330" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/6078" }, { "trust": 0.3, "url": "http://www.serv-u.com/" }, { "trust": 0.3, "url": "http://support.coresecurity.com/impact/exploits/c4bfbbd959bb266cfce95908cc920d4a.html" }, { "trust": 0.3, "url": "/archive/1/355367" }, { "trust": 0.3, "url": "/archive/1/355537" } ], "sources": [ { "db": "BID", "id": "9751" }, { "db": "JVNDB", "id": "JVNDB-2004-000835" }, { "db": "CNNVD", "id": "CNNVD-200411-118" }, { "db": "NVD", "id": "CVE-2004-0330" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "9751" }, { "db": "JVNDB", "id": "JVNDB-2004-000835" }, { "db": "CNNVD", "id": "CNNVD-200411-118" }, { "db": "NVD", "id": "CVE-2004-0330" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-02-26T00:00:00", "db": "BID", "id": "9751" }, { "date": "2024-06-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2004-000835" }, { "date": 
"2004-02-26T00:00:00", "db": "CNNVD", "id": "CNNVD-200411-118" }, { "date": "2004-11-23T05:00:00", "db": "NVD", "id": "CVE-2004-0330" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-07-12T03:06:00", "db": "BID", "id": "9751" }, { "date": "2024-06-03T09:35:00", "db": "JVNDB", "id": "JVNDB-2004-000835" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200411-118" }, { "date": "2020-07-28T14:34:30.313000", "db": "NVD", "id": "CVE-2004-0330" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200411-118" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SolarWinds\u00a0 of \u00a0Serv-U\u00a0File\u00a0Server\u00a0 Buffer error vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2004-000835" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200411-118" } ], "trust": 0.6 } }
var-200102-0026
Vulnerability from variot
Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack. FTP Serv-U is an internet FTP server from CatSoft. Authenticated users can gain access to the ftproot of the drive where Serv-U FTP has been installed. Users that have read, write, execute and list access in the home directory will have the same permissions to any file which resides on the same partition as the ftproot. Once a user is in the home directory, they can successfully transfer any files using specially crafted GET requests. All hidden files will be revealed even if the 'Hide hidden files' feature is on. Successful exploitation of this vulnerability could enable a remote user to gain access to system files, password files, etc. This could lead to a complete compromise of the host. Note that the CVSS v2 vector recorded below for this entry (AV:N/AC:L/Au:N/C:P/I:N/A:N, base score 5.0) covers only partial confidentiality impact without authentication, which is narrower than the authenticated read and write access this description reports.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200102-0026", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.0.0.16" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.0.0.16" }, { "model": "soft serv-u", "scope": "eq", "trust": 0.3, "vendor": 
"cat", "version": "2.5" }, { "model": "soft serv-u", "scope": "eq", "trust": 0.3, "vendor": "cat", "version": "2.4" }, { "model": "soft serv-u i", "scope": "ne", "trust": 0.3, "vendor": "cat", "version": "2.5" } ], "sources": [ { "db": "BID", "id": "2052" }, { "db": "CNNVD", "id": "CNNVD-200102-085" }, { "db": "NVD", "id": "CVE-2001-0054" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Zoa_Chien\u203b zoachien@securax.org", "sources": [ { "db": "CNNVD", "id": "CNNVD-200102-085" } ], "trust": 0.6 }, "cve": "CVE-2001-0054", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2001-0054", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2001-0054", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200102-085", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNNVD", "id": 
"CNNVD-200102-085" }, { "db": "NVD", "id": "CVE-2001-0054" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as \"/..%20.\" to a CD command, a variant of a .. (dot dot) attack. FTP Serv-U is an internet FTP server from CatSoft. \nAuthenticated users can gain access to the ftproot of the drive where Serv-U FTP has been installed. Users that have read, write, execute and list access in the home directory will have the same permissions to any file which resides on the same partition as the ftproot, once a user is in the home directory they can successfully transfer any files using specially crafted GET requests. All hidden files will be revealed even if the \u0027Hide hidden files\u0027 feature is on. \nSuccessful exploitation of this vulnerability could enable a remote user to gain access to systems files, password files, etc. 
This could lead to a complete compromise of the host", "sources": [ { "db": "NVD", "id": "CVE-2001-0054" }, { "db": "BID", "id": "2052" } ], "trust": 1.17 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "2052", "trust": 1.9 }, { "db": "OSVDB", "id": "464", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2001-0054", "trust": 1.6 }, { "db": "NSFOCUS", "id": "1094", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200102-085", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "2052" }, { "db": "CNNVD", "id": "CNNVD-200102-085" }, { "db": "NVD", "id": "CVE-2001-0054" } ] }, "id": "VAR-200102-0026", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-08-14T15:31:20.828000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SolarWinds Serv-U File Server Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125162" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-200102-085" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2001-0054" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", 
"data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://www.securityfocus.com/bid/2052" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5639" }, { "trust": 1.6, "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=97604119024280\u0026w=2" }, { "trust": 1.6, "url": "http://www.osvdb.org/464" }, { "trust": 0.6, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0054" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/1094" }, { "trust": 0.3, "url": "http://ftpservu.deerfield.com/" } ], "sources": [ { "db": "BID", "id": "2052" }, { "db": "CNNVD", "id": "CNNVD-200102-085" }, { "db": "NVD", "id": "CVE-2001-0054" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "2052" }, { "db": "CNNVD", "id": "CNNVD-200102-085" }, { "db": "NVD", "id": "CVE-2001-0054" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2000-12-05T00:00:00", "db": "BID", "id": "2052" }, { "date": "2000-12-06T00:00:00", "db": "CNNVD", "id": "CNNVD-200102-085" }, { "date": "2001-02-16T05:00:00", "db": "NVD", "id": "CVE-2001-0054" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2000-12-05T00:00:00", "db": "BID", "id": "2052" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200102-085" }, { "date": "2020-07-28T14:34:00.110000", "db": "NVD", "id": "CVE-2001-0054" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200102-085" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SolarWinds Serv-U File Server Path traversal vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200102-085" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-200102-085" } ], "trust": 0.6 } }
var-200903-0481
Vulnerability from variot
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request. RhinoSoft Serv-U FTP Server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Serv-U FTP Server 7.4.0.1 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
TITLE: Serv-U "MKD" Directory Traversal Vulnerability
SECUNIA ADVISORY ID: SA34329
VERIFY ADVISORY: http://secunia.com/advisories/34329/
DESCRIPTION: A vulnerability has been discovered in Serv-U, which can be exploited by malicious users to bypass certain security restrictions.
The vulnerability is caused due to an error when processing "MKD" commands.
The vulnerability is confirmed in version 7.4.0.1.
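SOLUTION: Restrict access to trusted users only. This is a workaround rather than a fix: the advisory names no patched release, and this entry lists versions 7.0.0.1 through 7.4.0.1 as affected, so confirm a corrected release with the vendor before relying on access restriction alone.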
PROVIDED AND/OR DISCOVERED BY: Jonathan Salwan
ORIGINAL ADVISORY: http://milw0rm.com/exploits/8211
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200903-0481", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": 
"solarwinds", "version": "7.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.4.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.4.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.2" }, { "model": "serv-u ftp server", "scope": "eq", "trust": 0.8, "vendor": "rhino", "version": "7.0.0.1 to 7.4.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.4.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.4.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.2.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.2.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.2" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", 
"version": "7.3.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.3.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.3.0.2" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "7.4.0.1" } ], "sources": [ { "db": "BID", "id": "34125" }, { "db": "JVNDB", "id": "JVNDB-2009-005897" }, { "db": "CNNVD", "id": "CNNVD-200903-350" }, { "db": "NVD", "id": "CVE-2009-1031" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:serv-u:serv-u", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005897" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jonathan Salwan submit@shell-storm.org", "sources": [ { "db": "CNNVD", "id": "CNNVD-200903-350" } ], "trust": 0.6 }, "cve": "CVE-2009-1031", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, 
"@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2009-1031", "impactScore": 6.9, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2009-1031", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2009-1031", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-200903-350", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005897" }, { "db": "CNNVD", "id": "CNNVD-200903-350" }, { "db": "NVD", "id": "CVE-2009-1031" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a \\.. (backslash dot dot) in an MKD request. RhinoSoft Serv-U FTP Server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. \nServ-U FTP Server 7.4.0.1 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\nDid you know? 
Our assessment and impact rating along with detailed\ninformation such as exploit code availability, or if an updated patch\nis released by the vendor, is not part of this mailing-list?\n \nClick here to learn more about our commercial solutions:\nhttp://secunia.com/advisories/business_solutions/\n \nClick here to trial our solutions:\nhttp://secunia.com/advisories/try_vi/\n\n----------------------------------------------------------------------\n\nTITLE:\nServ-U \"MKD\" Directory Traversal Vulnerability\n\nSECUNIA ADVISORY ID:\nSA34329\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/34329/\n\nDESCRIPTION:\nA vulnerability has been discovered in Serv-U, which can be exploited\nby malicious users to bypass certain security restrictions. \n\nThe vulnerability is caused due to an error when processing \"MKD\"\ncommands. \n\nThe vulnerability is confirmed in version 7.4.0.1. \n\nSOLUTION:\nRestrict access to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\nJonathan Salwan\n\nORIGINAL ADVISORY:\nhttp://milw0rm.com/exploits/8211\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-1031" }, { "db": "JVNDB", "id": "JVNDB-2009-005897" }, { "db": "BID", "id": "34125" }, { "db": "PACKETSTORM", "id": "75808" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1031", "trust": 2.7 }, { "db": "BID", "id": "34125", "trust": 1.9 }, { "db": "SECUNIA", "id": "34329", "trust": 1.8 }, { "db": "EXPLOIT-DB", "id": "8211", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-0738", "trust": 1.6 }, { "db": "OSVDB", "id": "52773", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2009-005897", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200903-350", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "75808", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "34125" }, { "db": "JVNDB", "id": "JVNDB-2009-005897" }, { "db": "PACKETSTORM", "id": "75808" }, { "db": "CNNVD", "id": "CNNVD-200903-350" }, { "db": "NVD", "id": "CVE-2009-1031" } ] }, "id": "VAR-200903-0481", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T22:57:01.239000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": 
"Top Page", "trust": 0.8, "url": "http://www.serv-u.com/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005897" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005897" }, { "db": "NVD", "id": "CVE-2009-1031" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://osvdb.org/52773" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2009/0738" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/34125" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49258" }, { "trust": 1.6, "url": "http://secunia.com/advisories/34329" }, { "trust": 1.6, "url": "https://www.exploit-db.com/exploits/8211" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1031" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1031" }, { "trust": 0.3, "url": "http://www.serv-u.com/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/34329/" }, { "trust": 0.1, "url": "http://milw0rm.com/exploits/8211" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "BID", "id": "34125" }, { "db": "JVNDB", "id": 
"JVNDB-2009-005897" }, { "db": "PACKETSTORM", "id": "75808" }, { "db": "CNNVD", "id": "CNNVD-200903-350" }, { "db": "NVD", "id": "CVE-2009-1031" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34125" }, { "db": "JVNDB", "id": "JVNDB-2009-005897" }, { "db": "PACKETSTORM", "id": "75808" }, { "db": "CNNVD", "id": "CNNVD-200903-350" }, { "db": "NVD", "id": "CVE-2009-1031" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-03-16T00:00:00", "db": "BID", "id": "34125" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-005897" }, { "date": "2009-03-17T05:41:47", "db": "PACKETSTORM", "id": "75808" }, { "date": "2009-03-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200903-350" }, { "date": "2009-03-20T00:30:00.717000", "db": "NVD", "id": "CVE-2009-1031" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-11-20T17:05:00", "db": "BID", "id": "34125" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-005897" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200903-350" }, { "date": "2024-11-21T01:01:29.853000", "db": "NVD", "id": "CVE-2009-1031" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200903-350" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rhino Software Serv-U File Server of FTP Server traversal 
vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005897" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-200903-350" } ], "trust": 0.6 } }
var-202105-1324
Vulnerability from variot
SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header. SolarWinds Serv-U contains a cross-site scripting vulnerability. Information may be obtained and may be tampered with.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202105-1324", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "lt", "trust": 1.0, "vendor": "solarwinds", "version": "15.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 0.8, "vendor": "solarwinds", "version": null }, { "model": "serv-u file server", "scope": "eq", "trust": 
0.8, "vendor": "solarwinds", "version": "15.2" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-006364" }, { "db": "NVD", "id": "CVE-2021-25179" } ] }, "cve": "CVE-2021-25179", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2021-25179", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2021-25179", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-25179", "impactScore": null, 
"integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-25179", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2021-25179", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202105-135", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-25179", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-25179" }, { "db": "JVNDB", "id": "JVNDB-2021-006364" }, { "db": "CNNVD", "id": "CNNVD-202105-135" }, { "db": "NVD", "id": "CVE-2021-25179" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header. 
SolarWinds Serv-U Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with", "sources": [ { "db": "NVD", "id": "CVE-2021-25179" }, { "db": "JVNDB", "id": "JVNDB-2021-006364" }, { "db": "VULMON", "id": "CVE-2021-25179" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-25179", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-006364", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202105-135", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-25179", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-25179" }, { "db": "JVNDB", "id": "JVNDB-2021-006364" }, { "db": "CNNVD", "id": "CNNVD-202105-135" }, { "db": "NVD", "id": "CVE-2021-25179" } ] }, "id": "VAR-202105-1324", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-08-14T14:03:13.034000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Serv-U\u00a0File\u00a0Server\u00a015.2\u00a0Release\u00a0Notes", "trust": 0.8, "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm" }, { "title": "SolarWinds Serv-U File Server Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150158" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-006364" }, { "db": "CNNVD", 
"id": "CNNVD-202105-135" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.0 }, { "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-006364" }, { "db": "NVD", "id": "CVE-2021-25179" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://github.com/matrix" }, { "trust": 1.7, "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2_release_notes.htm" }, { "trust": 1.7, "url": "https://twitter.com/gm4tr1x" }, { "trust": 1.7, "url": "https://www.linkedin.com/in/gabrielegristina" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25179" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-25179" }, { "db": "JVNDB", "id": "JVNDB-2021-006364" }, { "db": "CNNVD", "id": "CNNVD-202105-135" }, { "db": "NVD", "id": "CVE-2021-25179" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-25179" }, { "db": "JVNDB", "id": "JVNDB-2021-006364" }, { "db": "CNNVD", "id": "CNNVD-202105-135" }, { "db": "NVD", "id": "CVE-2021-25179" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-05-05T00:00:00", "db": "VULMON", "id": "CVE-2021-25179" }, { "date": "2022-01-06T00:00:00", 
"db": "JVNDB", "id": "JVNDB-2021-006364" }, { "date": "2021-05-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-135" }, { "date": "2021-05-05T03:15:07.283000", "db": "NVD", "id": "CVE-2021-25179" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-05-11T00:00:00", "db": "VULMON", "id": "CVE-2021-25179" }, { "date": "2022-01-06T00:50:00", "db": "JVNDB", "id": "JVNDB-2021-006364" }, { "date": "2021-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-135" }, { "date": "2021-05-11T18:40:46.983000", "db": "NVD", "id": "CVE-2021-25179" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-135" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SolarWinds\u00a0Serv-U\u00a0 Cross-site Scripting Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-006364" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-135" } ], "trust": 0.6 } }
var-200412-0837
Vulnerability from variot
Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111. RhinoSoft Serv-U FTP Server is prone to a remote post-authentication buffer-overflow vulnerability. The vulnerability occurs when a malicious filename argument is passed to the SITE CHMOD command. The immediate consequences of this issue may be a denial of service. An attacker may be able to leverage this condition to execute arbitrary code in the context of the affected service, but this has not been confirmed. (The two source descriptions merged in this entry differ on the precondition: the first speaks of "remote attackers", while the second describes the issue as post-authentication.)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200412-0837", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "4.1.0.0" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, 
"vendor": "rhino", "version": "5.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.1.0.11" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "3.1" } ], "sources": [ { "db": "BID", "id": "9675" }, { "db": "CNNVD", "id": "CNNVD-200412-760" }, { "db": "NVD", "id": "CVE-2004-2533" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "kkqq kkqq@0x557.org", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-760" } ], "trust": 0.6 }, "cve": "CVE-2004-2533", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2004-2533", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ 
{ "author": "nvd@nist.gov", "id": "CVE-2004-2533", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200412-760", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2004-2533", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2004-2533" }, { "db": "CNNVD", "id": "CNNVD-200412-760" }, { "db": "NVD", "id": "CVE-2004-2533" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a \"\\\\...\\\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111. RhinoSoft Serv-U FTP Server is prone to a remote post-authentication buffer-overflow vulnerability. \nThe vulnerability occurs when a malicious filename argument is passed to the SITE CHMOD command. The immediate consequences of this issue may be a denial of service. 
An attacker may be able to leverage this condition to execute arbitrary code in the context of the affected service, but this has not been confirmed", "sources": [ { "db": "NVD", "id": "CVE-2004-2533" }, { "db": "BID", "id": "9675" }, { "db": "VULMON", "id": "CVE-2004-2533" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "9675", "trust": 2.0 }, { "db": "NVD", "id": "CVE-2004-2533", "trust": 2.0 }, { "db": "SECUNIA", "id": "10706", "trust": 1.7 }, { "db": "OSVDB", "id": "3713", "trust": 1.7 }, { "db": "SECTRACK", "id": "1009086", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-200412-760", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2004-2533", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2004-2533" }, { "db": "BID", "id": "9675" }, { "db": "CNNVD", "id": "CNNVD-200412-760" }, { "db": "NVD", "id": "CVE-2004-2533" } ] }, "id": "VAR-200412-0837", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T22:43:45.305000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2004-2533" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, 
"url": "http://www.securityfocus.com/bid/9675" }, { "trust": 1.7, "url": "http://www.osvdb.org/3713" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1009086" }, { "trust": 1.7, "url": "http://secunia.com/advisories/10706" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15251" }, { "trust": 0.3, "url": "http://www.securityfocus.com/archive/82/354209/2004-02-14/2004-02-20/0" }, { "trust": 0.3, "url": "http://support.coresecurity.com/impact/exploits/c52bc27fc64926728837098d76813550.html" }, { "trust": 0.3, "url": "http://www.0x557.org/release/servu.txt" }, { "trust": 0.3, "url": "http://www.serv-u.com/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2004-2533" }, { "db": "BID", "id": "9675" }, { "db": "CNNVD", "id": "CNNVD-200412-760" }, { "db": "NVD", "id": "CVE-2004-2533" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2004-2533" }, { "db": "BID", "id": "9675" }, { "db": "CNNVD", "id": "CNNVD-200412-760" }, { "db": "NVD", "id": "CVE-2004-2533" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-12-31T00:00:00", "db": "VULMON", "id": "CVE-2004-2533" }, { "date": "2004-02-16T00:00:00", "db": "BID", "id": "9675" }, { "date": "2004-01-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200412-760" }, { "date": "2004-12-31T05:00:00", "db": "NVD", "id": "CVE-2004-2533" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-28T00:00:00", "db": "VULMON", "id": "CVE-2004-2533" }, { "date": "2007-11-15T00:37:00", "db": "BID", "id": "9675" }, { "date": "2020-07-29T00:00:00", 
"db": "CNNVD", "id": "CNNVD-200412-760" }, { "date": "2024-11-20T23:53:35.823000", "db": "NVD", "id": "CVE-2004-2533" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-760" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SolarWinds Serv-U File Server Input validation error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-760" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-760" } ], "trust": 0.6 } }
var-201112-0269
Vulnerability from variot
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.
TITLE: Serv-U FTP Server Directory Traversal Vulnerability
SECUNIA ADVISORY ID: SA47021
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47021/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47021
RELEASE DATE: 2011-12-01
DISCUSS ADVISORY: http://secunia.com/advisories/47021/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47021/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47021
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Kingcope has discovered a vulnerability in Serv-U, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.
The vulnerability is caused by an input sanitisation error within the FTP server and can be exploited to, e.g., download or delete files outside of the FTP's root directory via directory traversal attacks.
The vulnerability is confirmed in versions 10.3.0.1 and 11.1.0.3 on Windows. Other versions may also be affected.
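SOLUTION: Restrict access to trusted users only. (Editor's note: the CVE description for this entry lists versions before 11.1.0.5 as affected, which suggests that upgrading to 11.1.0.5 or later also addresses the issue; confirm against the vendor release notes.)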
PROVIDED AND/OR DISCOVERED BY: Kingcope
ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0269", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": 
"solarwinds", "version": "6.4.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.2.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.4.0.6" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.5.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.2.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.3.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.5.0.24" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.0.0.17" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.1.0.5" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", 
"version": "6.4.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.5.0.16" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "11.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.0.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.5.0.11" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.0.0.5" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.5.0.14" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "11.0.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.4.0.5" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.0.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.11" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", 
"version": "5.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.5" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.9" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.0.0.16" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.5.0.6" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.4.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.4.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.4.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.0.0.7" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.4.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": 
"6.0.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.5.0.21" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.3.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.0.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.0.0.5" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "11.0.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.4.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.1.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "11.1.0.5" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.4.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.4.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.0.0.3" }, { "model": "serv-u file server", "scope": "lte", "trust": 1.0, "vendor": "solarwinds", "version": "11.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.4.0.1" 
}, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.1.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.3.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.7" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "10.5.0.19" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.3.0.0" }, { "model": "serv-u ftp server", "scope": "lt", "trust": 0.8, "vendor": "rhino", "version": "11.1.0.5" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "10.0.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "11.0.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "10.0.0.7" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": 
"serv u", "version": "11.1.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "11.0.0.4" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "10.0.0.5" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "10.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "11.1.0.5" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "11.0.0.2" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "10.0.0.2" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003369" }, { "db": "CNNVD", "id": "CNNVD-201112-212" }, { "db": "NVD", "id": "CVE-2011-4800" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:serv-u:serv-u", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003369" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Secunia", "sources": [ { "db": "PACKETSTORM", "id": "107458" } ], "trust": 0.1 }, "cve": "CVE-2011-4800", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "CVE-2011-4800", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-4800", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2011-4800", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201112-212", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003369" }, { "db": "CNNVD", "id": "CNNVD-201112-212" }, { "db": "NVD", "id": "CVE-2011-4800" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a \"..:/\" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands. 
----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nServ-U FTP Server Directory Traversal Vulnerability\n\nSECUNIA ADVISORY ID:\nSA47021\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47021/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47021\n\nRELEASE DATE:\n2011-12-01\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47021/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47021/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47021\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nKingcope has discovered a vulnerability in Serv-U, which can be\nexploited by malicious users to disclose potentially sensitive\ninformation and manipulate certain data. \n\nThe vulnerability is caused due to an input sanitisation error within\nthe FTP server and can be exploited to e.g. download or delete files\noutside of the FTP\u0027s root directory via directory traversal attacks. \n\nThe vulnerability is confirmed in version 10.3.0.1 and 11.1.0.3 on\nWindows. Other versions may also be affected. \n\nSOLUTION:\nRestrict access to trusted users only. 
\n\nPROVIDED AND/OR DISCOVERED BY:\nKingcope\n\nORIGINAL ADVISORY:\nhttp://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-4800" }, { "db": "JVNDB", "id": "JVNDB-2011-003369" }, { "db": "PACKETSTORM", "id": "107458" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-4800", "trust": 2.4 }, { "db": "SECUNIA", "id": "47021", "trust": 1.7 }, { "db": "EXPLOIT-DB", "id": "18182", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2011-003369", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201112-212", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "107458", "trust": 0.1 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003369" }, { "db": "PACKETSTORM", "id": "107458" }, { "db": "CNNVD", "id": "CNNVD-201112-212" }, { "db": "NVD", "id": "CVE-2011-4800" } ] }, "id": "VAR-201112-0269", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T22:08:53.474000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Serv-U Release Notes", "trust": 0.8, "url": "http://www.serv-u.com/releasenotes/" }, { "title": "Serv-U-Linux-x86-Install", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42094" }, { 
"title": "ServUSetup", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42093" }, { "title": "Serv-U-Linux-x86_64-Install", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42095" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003369" }, { "db": "CNNVD", "id": "CNNVD-201112-212" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003369" }, { "db": "NVD", "id": "CVE-2011-4800" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html" }, { "trust": 1.6, "url": "http://www.serv-u.com/releasenotes/" }, { "trust": 1.6, "url": "http://secunia.com/advisories/47021" }, { "trust": 1.6, "url": "http://www.exploit-db.com/exploits/18182" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4800" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4800" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47021/" }, { "trust": 0.1, "url": "http://secunia.com/company/jobs/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47021" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, 
"url": "http://secunia.com/advisories/47021/#comments" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003369" }, { "db": "PACKETSTORM", "id": "107458" }, { "db": "CNNVD", "id": "CNNVD-201112-212" }, { "db": "NVD", "id": "CVE-2011-4800" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2011-003369" }, { "db": "PACKETSTORM", "id": "107458" }, { "db": "CNNVD", "id": "CNNVD-201112-212" }, { "db": "NVD", "id": "CVE-2011-4800" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-12-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003369" }, { "date": "2011-12-01T04:30:58", "db": "PACKETSTORM", "id": "107458" }, { "date": "2011-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201112-212" }, { "date": "2011-12-14T00:55:02.217000", "db": "NVD", "id": "CVE-2011-4800" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-12-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003369" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201112-212" }, { "date": "2024-11-21T01:33:00.813000", "db": "NVD", "id": "CVE-2011-4800" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201112-212" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Serv-U FTP Server traversal vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003369" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-201112-212" } ], "trust": 0.6 } }
var-201004-0065
Vulnerability from variot
Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors. Serv-U File Server is prone to an unspecified information-disclosure vulnerability. Attackers can exploit this issue to harvest sensitive information that may lead to further attacks. Versions of Serv-U File Server prior to 9.2.0.1 are vulnerable.
TITLE: Serv-U File Server Information Disclosure Vulnerability
SECUNIA ADVISORY ID: SA37847
VERIFY ADVISORY: http://secunia.com/advisories/37847/
DESCRIPTION: A vulnerability has been reported in Serv-U File Server, which can be exploited by malicious users to disclose potentially sensitive information.
The vulnerability is caused by an unspecified error and can be exploited to disclose directories placed outside a user's root directory.
SOLUTION: Update to version 9.2.0.1.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.serv-u.com/releasenotes/
About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201004-0065", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": 
"solarwinds", "version": "8.0.0.5" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.4.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.4.0.6" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.9" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.0.0.16" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.4.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", 
"version": "6.4.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.4.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.0.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.3.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.0.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.1.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.0.0.17" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.1.0.5" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.4.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": 
"6.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.4.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.2.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.0.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "9.0.0.5" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.4.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.1.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.4.0.5" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.1" }, { 
"model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.11" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.7" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.3.0.0" }, { "model": "serv-u ftp server", "scope": "lt", "trust": 0.8, "vendor": "rhino", "version": "9.2.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "9.0.0.5" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "9.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.2" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.4" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "9.0.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.1.0.2" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.1.0.1" }, { "model": "file server", "scope": "eq", "trust": 0.3, "vendor": "serv u", "version": "9.1.0.4" }, { "model": "file server", "scope": "eq", "trust": 0.3, "vendor": "serv u", "version": "9.1.0.2" }, { "model": "file server", "scope": "eq", "trust": 0.3, "vendor": "serv u", "version": "9.1.0.0" }, { "model": "file server", "scope": "eq", "trust": 0.3, "vendor": "serv u", "version": "9.0.0.5" }, { "model": 
"file server", "scope": "eq", "trust": 0.3, "vendor": "serv u", "version": "9.0.0.3" }, { "model": "file server", "scope": "eq", "trust": 0.3, "vendor": "serv u", "version": "9.0.0.1" }, { "model": "file server", "scope": "eq", "trust": 0.3, "vendor": "serv u", "version": "9.0.0.0" }, { "model": "file server", "scope": "ne", "trust": 0.3, "vendor": "serv u", "version": "9.2.0.1" } ], "sources": [ { "db": "BID", "id": "37414" }, { "db": "JVNDB", "id": "JVNDB-2010-005130" }, { "db": "CNNVD", "id": "CNNVD-201004-431" }, { "db": "NVD", "id": "CVE-2009-4815" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:serv-u:serv-u", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-005130" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Serv-U", "sources": [ { "db": "CNNVD", "id": "CNNVD-201004-431" } ], "trust": 0.6 }, "cve": "CVE-2009-4815", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ 
{ "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2009-4815", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2009-4815", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2009-4815", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201004-431", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-005130" }, { "db": "CNNVD", "id": "CNNVD-201004-431" }, { "db": "NVD", "id": "CVE-2009-4815" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors. Serv-U File Server is prone to an unspecified information-disclosure vulnerability. \nAttackers can exploit this issue to harvest sensitive information that may lead to further attacks. \nVersions prior to SERV-U File Server 9.2.0.1 are vulnerable. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. 
\n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nServ-U File Server Information Disclosure Vulnerability\n\nSECUNIA ADVISORY ID:\nSA37847\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/37847/\n\nDESCRIPTION:\nA vulnerability has been reported in Serv-U File Server, which can be\nexploited by malicious users to disclose potentially sensitive\ninformation. \n\nThe vulnerability is caused due to an unspecified error and can be\nexploited to disclose directories placed outside a user\u0027s root\ndirectory. \n\nSOLUTION:\nUpdate to version 9.2.0.1. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.serv-u.com/releasenotes/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-4815" }, { "db": "JVNDB", "id": "JVNDB-2010-005130" }, { "db": "BID", "id": "37414" }, { "db": "PACKETSTORM", "id": "84087" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-4815", "trust": 2.7 }, { "db": "BID", "id": "37414", "trust": 1.9 }, { "db": "SECUNIA", "id": "37847", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2009-3595", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2010-005130", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201004-431", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "84087", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "37414" }, { "db": "JVNDB", "id": "JVNDB-2010-005130" }, { "db": "PACKETSTORM", "id": "84087" }, { "db": "CNNVD", "id": "CNNVD-201004-431" }, { "db": "NVD", "id": "CVE-2009-4815" } ] }, "id": "VAR-201004-0065", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T22:03:04.515000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Serv-U FTP Server Release Notes", "trust": 0.8, "url": "http://www.serv-u.com/releasenotes/" } ], 
"sources": [ { "db": "JVNDB", "id": "JVNDB-2010-005130" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-005130" }, { "db": "NVD", "id": "CVE-2009-4815" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.serv-u.com/releasenotes/" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/37414" }, { "trust": 1.6, "url": "http://secunia.com/advisories/37847" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2009/3595" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54932" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4815" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4815" }, { "trust": 0.3, "url": "http://www.serv-u.com/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/37847/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "BID", "id": "37414" }, { "db": "JVNDB", "id": "JVNDB-2010-005130" }, { "db": "PACKETSTORM", "id": "84087" }, { "db": "CNNVD", "id": "CNNVD-201004-431" }, { "db": "NVD", "id": "CVE-2009-4815" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": 
"@list" } }, "data": [ { "db": "BID", "id": "37414" }, { "db": "JVNDB", "id": "JVNDB-2010-005130" }, { "db": "PACKETSTORM", "id": "84087" }, { "db": "CNNVD", "id": "CNNVD-201004-431" }, { "db": "NVD", "id": "CVE-2009-4815" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-12-18T00:00:00", "db": "BID", "id": "37414" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-005130" }, { "date": "2009-12-21T13:56:55", "db": "PACKETSTORM", "id": "84087" }, { "date": "2010-04-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201004-431" }, { "date": "2010-04-27T15:30:00.703000", "db": "NVD", "id": "CVE-2009-4815" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-04-13T21:05:00", "db": "BID", "id": "37414" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-005130" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201004-431" }, { "date": "2024-11-21T01:10:31.897000", "db": "NVD", "id": "CVE-2009-4815" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201004-431" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Serv-U Vulnerable to directory traversal", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-005130" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", 
"sources": [ { "db": "CNNVD", "id": "CNNVD-201004-431" } ], "trust": 0.6 } }
var-200111-0057
Vulnerability from variot
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords. A vulnerability exists in the remote administration client for RhinoSoft Serv-U.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200111-0057", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.0.0.16" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.0.0.17" }, { "model": null, "scope": null, "trust": 0.8, 
"vendor": "rhinosoft", "version": null }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.0.0.16" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.0.0.17" } ], "sources": [ { "db": "CERT/CC", "id": "VU#279763" }, { "db": "CNNVD", "id": "CNNVD-200111-018" }, { "db": "NVD", "id": "CVE-2001-1463" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "89617" }, { "db": "BID", "id": "89673" } ], "trust": 0.6 }, "cve": "CVE-2001-1463", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2001-1463", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2001-1463", "trust": 1.0, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#279763", "trust": 0.8, "value": "4.74" }, { "author": "CNNVD", 
"id": "CNNVD-200111-018", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#279763" }, { "db": "CNNVD", "id": "CNNVD-200111-018" }, { "db": "NVD", "id": "CVE-2001-1463" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords. A vulnerability exists in the remote administration client for RhinoSoft Serv-U", "sources": [ { "db": "NVD", "id": "CVE-2001-1463" }, { "db": "CERT/CC", "id": "VU#279763" }, { "db": "BID", "id": "89617" }, { "db": "BID", "id": "89673" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SECTRACK", "id": "1002882", "trust": 3.0 }, { "db": "CERT/CC", "id": "VU#279763", "trust": 3.0 }, { "db": "NVD", "id": "CVE-2001-1463", "trust": 2.2 }, { "db": "XF", "id": "7925", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200111-018", "trust": 0.6 }, { "db": "BID", "id": "89617", "trust": 0.3 }, { "db": "BID", "id": "89673", "trust": 0.3 } ], "sources": [ { "db": "CERT/CC", "id": "VU#279763" }, { "db": "BID", "id": "89617" }, { "db": "BID", "id": "89673" }, { "db": "CNNVD", "id": "CNNVD-200111-018" }, { "db": "NVD", "id": "CVE-2001-1463" } ] }, "id": "VAR-200111-0057", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": 
"2024-11-22T22:57:17.401000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SolarWinds Serv-U File Server Fixes for encryption problem vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125161" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-200111-018" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-310", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2001-1463" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.2, "url": "http://securitytracker.com/id?1002882" }, { "trust": 3.2, "url": "http://www.kb.cert.org/vuls/id/279763" }, { "trust": 2.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7925" }, { "trust": 0.8, "url": "http://www.rhinosoft.com/" }, { "trust": 0.8, "url": "http://www.serv-u.com/" }, { "trust": 0.8, "url": "http://www.cat-soft.com/" }, { "trust": 0.8, "url": "http://www.ietf.org/rfc/rfc1760.txt" }, { "trust": 0.8, "url": "http://www.ietf.org/rfc/rfc2289.txt" }, { "trust": 0.8, "url": "http://www.iss.net/security_center/static/7925.php" }, { "trust": 0.8, "url": "http://securitytracker.com/alerts/2001/dec/1002882.html" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/7925" }, { "trust": 0.6, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-1463" } ], "sources": [ { "db": "CERT/CC", "id": "VU#279763" }, { "db": "BID", "id": "89617" }, { "db": "BID", "id": "89673" }, { "db": "CNNVD", "id": 
"CNNVD-200111-018" }, { "db": "NVD", "id": "CVE-2001-1463" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#279763" }, { "db": "BID", "id": "89617" }, { "db": "BID", "id": "89673" }, { "db": "CNNVD", "id": "CNNVD-200111-018" }, { "db": "NVD", "id": "CVE-2001-1463" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-11-19T00:00:00", "db": "CERT/CC", "id": "VU#279763" }, { "date": "2001-11-19T00:00:00", "db": "BID", "id": "89617" }, { "date": "2001-11-19T00:00:00", "db": "BID", "id": "89673" }, { "date": "2001-11-19T00:00:00", "db": "CNNVD", "id": "CNNVD-200111-018" }, { "date": "2001-11-19T05:00:00", "db": "NVD", "id": "CVE-2001-1463" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2002-11-15T00:00:00", "db": "CERT/CC", "id": "VU#279763" }, { "date": "2001-11-19T00:00:00", "db": "BID", "id": "89617" }, { "date": "2001-11-19T00:00:00", "db": "BID", "id": "89673" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200111-018" }, { "date": "2024-11-20T23:37:45.257000", "db": "NVD", "id": "CVE-2001-1463" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "89617" }, { "db": "BID", "id": "89673" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "RhinoSoft Serv-U remote administration client transmits password in plaintext", "sources": [ { "db": "CERT/CC", 
"id": "VU#279763" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Failure to Handle Exceptional Conditions", "sources": [ { "db": "BID", "id": "89617" }, { "db": "BID", "id": "89673" } ], "trust": 0.6 } }
var-202102-0355
Vulnerability from variot
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. SolarWinds Serv-U File Server is a file transfer server from SolarWinds, a company based in the United States.
SolarWinds Serv-U File Server before 15.2.2 has a cross-site scripting vulnerability, which stems from the web application not correctly validating client-supplied data. An authenticated attacker can carry out a stored XSS attack.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0355", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u", "scope": "lt", "trust": 1.0, "vendor": "solarwinds", "version": "15.2.2" }, { "model": "serv-u file server", "scope": "lt", "trust": 0.6, "vendor": "solarwinds", "version": "15.2.2" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-14808" }, { 
"db": "NVD", "id": "CVE-2020-28001" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jack Misiura", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-306" } ], "trust": 0.6 }, "cve": "CVE-2020-28001", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CVE-2020-28001", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CNVD-2021-14808", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", 
"confidentialityImpact": "LOW", "exploitabilityScore": 2.3, "id": "CVE-2020-28001", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-28001", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2021-14808", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202102-306", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-28001", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-14808" }, { "db": "VULMON", "id": "CVE-2020-28001" }, { "db": "CNNVD", "id": "CNNVD-202102-306" }, { "db": "NVD", "id": "CVE-2020-28001" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. Solarwinds SolarWinds Serv-U File Server is a file transfer server of SolarWinds (Solarwinds) in the United States. \n\r\n\r\nSolarWinds Serv-U File Server before 15.2.2 has a cross-site scripting vulnerability, which stems from the lack of correct verification of client data in the WEB application. 
The authenticated attacker can carry out a storage XSS attack", "sources": [ { "db": "NVD", "id": "CVE-2020-28001" }, { "db": "CNVD", "id": "CNVD-2021-14808" }, { "db": "VULMON", "id": "CVE-2020-28001" } ], "trust": 1.53 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-28001", "trust": 2.3 }, { "db": "PACKETSTORM", "id": "161400", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2021-14808", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-306", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-28001", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-14808" }, { "db": "VULMON", "id": "CVE-2020-28001" }, { "db": "CNNVD", "id": "CNNVD-202102-306" }, { "db": "NVD", "id": "CVE-2020-28001" } ] }, "id": "VAR-202102-0355", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-14808" } ], "trust": 1.6 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-14808" } ] }, "last_update_date": "2024-11-23T22:58:00.141000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for SolarWinds Serv-U File Server cross-site scripting vulnerability (CNVD-2021-14808)", "trust": 
0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/251196" }, { "title": "SolarWinds Serv-U File Server Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140770" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-14808" }, { "db": "CNNVD", "id": "CNNVD-202102-306" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2020-28001" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "http://packetstormsecurity.com/files/161400/solarwinds-serv-u-ftp-server-15.2.1-cross-site-scripting.html" }, { "trust": 1.7, "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-2_release_notes.htm" }, { "trust": 1.7, "url": "https://www.themissinglink.com.au/security-advisories-cve-2020-28001" }, { "trust": 1.6, "url": "http://seclists.org/fulldisclosure/2021/feb/37" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28001" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-14808" }, { "db": "VULMON", "id": "CVE-2020-28001" }, { "db": "CNNVD", "id": "CNNVD-202102-306" }, { "db": "NVD", "id": "CVE-2020-28001" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-14808" }, { "db": "VULMON", "id": "CVE-2020-28001" }, { "db": "CNNVD", "id": "CNNVD-202102-306" }, { "db": 
"NVD", "id": "CVE-2020-28001" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-03-07T00:00:00", "db": "CNVD", "id": "CNVD-2021-14808" }, { "date": "2021-02-03T00:00:00", "db": "VULMON", "id": "CVE-2020-28001" }, { "date": "2021-02-03T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-306" }, { "date": "2021-02-03T16:15:13.353000", "db": "NVD", "id": "CVE-2020-28001" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-03-07T00:00:00", "db": "CNVD", "id": "CNVD-2021-14808" }, { "date": "2021-02-25T00:00:00", "db": "VULMON", "id": "CVE-2020-28001" }, { "date": "2021-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-306" }, { "date": "2024-11-21T05:22:10.800000", "db": "NVD", "id": "CVE-2020-28001" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-306" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SolarWinds Serv-U File Server cross-site scripting vulnerability (CNVD-2021-14808)", "sources": [ { "db": "CNVD", "id": "CNVD-2021-14808" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-306" } ], "trust": 0.6 } }
var-200412-0836
Vulnerability from variot
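Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command. The weak account can be used to log into the site maintenance interface on the loopback interface only, and to create user accounts. Note that the record's CVSS v2 vector (AV:N/AC:L/Au:N) rates the issue as remotely reachable without authentication, while this description limits the default account to local users on the loopback interface; take both into account when prioritising.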
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200412-0836", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.0.0.4" }, { "model": "serv-u file server", "scope": "eq", 
"trust": 1.0, "vendor": "solarwinds", "version": "4.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.0" }, { "model": "serv-u file server", "scope": "lte", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.11" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.9" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.0.0.16" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.0.0.17" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.1.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.0.0.17" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "4.1.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.0.0.16" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.1.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.0.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "4.0.0.4" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.0.0.4" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.0.0.11" }, 
{ "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "6.0.0.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "6.0" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.2.0.0" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.1.0" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.0.0.9" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.0.0.6" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.2" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.1.0.11" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "3.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "3.0" } ], "sources": [ { "db": "BID", "id": "10886" }, { "db": "CNNVD", "id": "CNNVD-200412-693" }, { "db": "NVD", "id": "CVE-2004-2532" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Discovery is credited to aT4r ins4n3 \u003cat4r@ciberdreams.com\u003e.", "sources": [ { "db": "BID", "id": "10886" }, { "db": "CNNVD", "id": "CNNVD-200412-693" } ], "trust": 0.9 }, "cve": "CVE-2004-2532", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2004-2532", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2004-2532", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200412-693", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-693" }, { "db": "NVD", "id": "CVE-2004-2532" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command. 
\nThe weak account can be used to log into the site maintenance interface on the loopback interface only, and to create user accounts", "sources": [ { "db": "NVD", "id": "CVE-2004-2532" }, { "db": "BID", "id": "10886" } ], "trust": 1.17 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "10886", "trust": 1.9 }, { "db": "OSVDB", "id": "8877", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2004-2532", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-200412-693", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "10886" }, { "db": "CNNVD", "id": "CNNVD-200412-693" }, { "db": "NVD", "id": "CVE-2004-2532" } ] }, "id": "VAR-200412-0836", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T22:47:15.034000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SolarWinds Serv-U File Server Repair measures for trust management problem vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125159" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-693" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-255", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2004-2532" } ] }, "references": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/10886" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16925" }, { "trust": 1.6, "url": "http://www.osvdb.org/8877" }, { "trust": 0.3, "url": "http://www.serv-u.com/" }, { "trust": 0.3, "url": "http://support.coresecurity.com/impact/exploits/16d127c3a0ee7d8db396b1aa40eeef5e.html" } ], "sources": [ { "db": "BID", "id": "10886" }, { "db": "CNNVD", "id": "CNNVD-200412-693" }, { "db": "NVD", "id": "CVE-2004-2532" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "10886" }, { "db": "CNNVD", "id": "CNNVD-200412-693" }, { "db": "NVD", "id": "CVE-2004-2532" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-08-08T00:00:00", "db": "BID", "id": "10886" }, { "date": "2004-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-200412-693" }, { "date": "2004-12-31T05:00:00", "db": "NVD", "id": "CVE-2004-2532" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-08-08T00:00:00", "db": "BID", "id": "10886" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200412-693" }, { "date": "2024-11-20T23:53:35.677000", "db": "NVD", "id": "CVE-2004-2532" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": 
"remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-693" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SolarWinds Serv-U File Server Trust Management Issue Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-693" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-693" } ], "trust": 0.6 } }
var-200808-0118
Vulnerability from variot
Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging. RhinoSoft Serv-U is prone to a remote denial-of-service vulnerability when handling certain SFTP commands. Exploiting this issue can cause the server to crash and deny service to legitimate users. Versions prior to Serv-U 7.2.0.1 are vulnerable.
The vulnerability is caused by an error in the logging functionality when directories are created via SFTP. This can be exploited to crash the service.
Successful exploitation requires a valid account with write permissions.
SOLUTION: Update to version 7.2.0.1.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.serv-u.com/releasenotes/
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200808-0118", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": 
"solarwinds", "version": "7.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.2" }, { "model": "serv-u ftp server", "scope": "lt", "trust": 0.8, "vendor": "rhino", "version": "7.0.0.1 and 7.2.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.2.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.2" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.4" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.1.0.2" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.1.0.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "7.2.0.0" }, { "model": "software serv-u", "scope": "ne", "trust": 0.3, "vendor": "rhino", "version": "7.2.0.1" } ], "sources": [ { "db": "BID", "id": "30739" }, { "db": "JVNDB", "id": "JVNDB-2008-006155" }, { "db": "CNNVD", "id": "CNNVD-200808-269" }, { "db": "NVD", "id": "CVE-2008-3731" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { 
"@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:serv-u:serv-u", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-006155" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "RhinoSoft", "sources": [ { "db": "BID", "id": "30739" }, { "db": "CNNVD", "id": "CNNVD-200808-269" } ], "trust": 0.9 }, "cve": "CVE-2008-3731", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2008-3731", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2008-3731", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2008-3731", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200808-269", "trust": 0.6, "value": 
"MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-006155" }, { "db": "CNNVD", "id": "CNNVD-200808-269" }, { "db": "NVD", "id": "CVE-2008-3731" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging. RhinoSoft Serv-U is prone to a remote denial-of-service vulnerability when handling certain SFTP commands. \nExploiting this issue can cause the server to crash and deny service to legitimate users. \nVersions prior to Serv-U 7.2.0.1 are vulnerable. \n\nThe vulnerability is caused due to an error within the logging\nfunctionality when creating directories via SFTP. This can be\nexploited to crash the service. \n\nSuccessful exploitation requires a valid account with write\npermissions. \n\nSOLUTION:\nUpdate to version 7.2.0.1. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.serv-u.com/releasenotes/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2008-3731" }, { "db": "JVNDB", "id": "JVNDB-2008-006155" }, { "db": "BID", "id": "30739" }, { "db": "PACKETSTORM", "id": "69220" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-3731", "trust": 2.7 }, { "db": "BID", "id": "30739", "trust": 1.9 }, { "db": "SECUNIA", "id": "31461", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2008-006155", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200808-269", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "69220", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "30739" }, { "db": "JVNDB", "id": "JVNDB-2008-006155" }, { "db": "PACKETSTORM", "id": "69220" }, { "db": "CNNVD", "id": "CNNVD-200808-269" }, { "db": "NVD", "id": "CVE-2008-3731" } ] }, "id": "VAR-200808-0118", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T23:03:13.008000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Serv-U FTP Server Release Notes", "trust": 0.8, "url": "http://www.serv-u.com/releasenotes/" }, { "title": "SolarWinds Serv-U File Server Security 
vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125151" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-006155" }, { "db": "CNNVD", "id": "CNNVD-200808-269" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2008-3731" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.serv-u.com/releasenotes/" }, { "trust": 1.6, "url": "http://secunia.com/advisories/31461" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/30739" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44537" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3731" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3731" }, { "trust": 0.3, "url": "http://www.serv-u.com/" }, { "trust": 0.1, "url": "http://secunia.com/product/19573/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_specialist/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/31461/" }, { "trust": 0.1, "url": "http://corporate.secunia.com/about_secunia/64/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" } ], "sources": [ { "db": "BID", "id": "30739" }, { "db": "JVNDB", "id": "JVNDB-2008-006155" }, { 
"db": "PACKETSTORM", "id": "69220" }, { "db": "CNNVD", "id": "CNNVD-200808-269" }, { "db": "NVD", "id": "CVE-2008-3731" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "30739" }, { "db": "JVNDB", "id": "JVNDB-2008-006155" }, { "db": "PACKETSTORM", "id": "69220" }, { "db": "CNNVD", "id": "CNNVD-200808-269" }, { "db": "NVD", "id": "CVE-2008-3731" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-07-30T00:00:00", "db": "BID", "id": "30739" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-006155" }, { "date": "2008-08-20T05:04:04", "db": "PACKETSTORM", "id": "69220" }, { "date": "2008-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200808-269" }, { "date": "2008-08-20T16:41:00", "db": "NVD", "id": "CVE-2008-3731" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-05-07T17:24:00", "db": "BID", "id": "30739" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-006155" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200808-269" }, { "date": "2024-11-21T00:49:59.230000", "db": "NVD", "id": "CVE-2008-3731" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200808-269" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Serv-U File Server Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": 
"JVNDB-2008-006155" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200808-269" } ], "trust": 0.6 } }
var-200910-0169
Vulnerability from variot
Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command. Serv-U is prone to a denial-of-service vulnerability.
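An unspecified error in the Boost module can be exploited to create new directories in the webroot directory of the web server. (This sentence does not describe Serv-U: it appears to have been merged in from a separate advisory, which is consistent with the drupal.org and Secunia 36925 references recorded for this entry, so it should not be read as part of CVE-2009-3655.)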
TITLE: Serv-U "SITE SET TRANSFERPROGRESS ON" Denial of Service
SECUNIA ADVISORY ID: SA36873
VERIFY ADVISORY: http://secunia.com/advisories/36873/
DESCRIPTION: A vulnerability has been reported in Serv-U, which can be exploited by malicious users to cause a DoS (Denial of Service).
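Successful exploitation requires valid user credentials and that "SITE SET" commands are enabled. Note that the CVSS v2 vector recorded for this entry (AV:N/AC:L/Au:N/C:N/I:N/A:P) assumes no authentication and the CVE description says "remote attackers", so the two sources disagree on this prerequisite; weigh the score accordingly when prioritising.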
The vulnerability is reported in Serv-U versions 7.0.0.1 through 8.2.0.3.
SOLUTION: Fixed in version 9.0.0.1.
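As a mitigation where updating is not possible, disable the "SITE SET" command (exploitation requires that "SITE SET" commands are enabled).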
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.serv-u.com/releasenotes/
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200910-0169", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.5" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": 
"solarwinds", "version": "8.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.2.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.4.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.4.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", 
"version": "7.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "8.0.0.7" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.1" }, { "model": "serv-u ftp server", "scope": "eq", "trust": 0.8, "vendor": "rhino", "version": "7.0.0.1 to 8.2.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "8.1.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "8.0.0.2" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "8.0.0.7" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "8.2.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "8.0.0.5" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "8.1.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "8.0.0.4" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "8.2.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "8.2.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "8.0.0.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-006418" }, { "db": "CNNVD", "id": "CNNVD-200910-177" }, { "db": "NVD", "id": "CVE-2009-3655" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:serv-u:serv-u", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": 
"JVNDB-2009-006418" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "79286" } ], "trust": 0.3 }, "cve": "CVE-2009-3655", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2009-3655", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2009-3655", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2009-3655", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200910-177", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-006418" }, { "db": "CNNVD", "id": "CNNVD-200910-177" }, { "db": "NVD", "id": "CVE-2009-3655" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the \"SITE SET TRANSFERPROGRESS ON\" FTP command. Serv-U is prone to a denial-of-service vulnerability. \n\nAn unspecified error in the Boost module can be exploited to create\nnew directories in the webroot directory of the web server. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nServ-U \"SITE SET TRANSFERPROGRESS ON\" Denial of Service\n\nSECUNIA ADVISORY ID:\nSA36873\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36873/\n\nDESCRIPTION:\nA vulnerability has been reported in Serv-U, which can be exploited\nby malicious users to cause a DoS (Denial of Service). \n\nSuccessful exploitation requires valid user credentials and that\n\"SITE SET\" commands are enabled. \n\nThe vulnerability is reported in Serv-U versions 7.0.0.1 through\n8.2.0.3. \n\nSOLUTION:\nFixed in version 9.0.0.1. \n\nDisable the \"SITE SET\" command. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.serv-u.com/releasenotes/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-3655" }, { "db": "JVNDB", "id": "JVNDB-2009-006418" }, { "db": "BID", "id": "79286" }, { "db": "PACKETSTORM", "id": "81751" }, { "db": "PACKETSTORM", "id": "81782" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-3655", "trust": 2.7 }, { "db": "SECUNIA", "id": "36873", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2009-006418", "trust": 0.8 }, { "db": "SECUNIA", "id": "36925", "trust": 0.7 }, { "db": "OSVDB", "id": "58424", "trust": 0.6 }, { "db": "XF", "id": "53553", "trust": 0.6 }, { "db": "BID", "id": "36561", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200910-177", "trust": 0.6 }, { "db": "BID", "id": "79286", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "81751", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "81782", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "79286" }, { "db": "JVNDB", "id": "JVNDB-2009-006418" }, { "db": "PACKETSTORM", "id": "81751" }, { "db": "PACKETSTORM", "id": "81782" }, { "db": "CNNVD", "id": "CNNVD-200910-177" }, { "db": "NVD", "id": 
"CVE-2009-3655" } ] }, "id": "VAR-200910-0169", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T21:47:43.685000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Serv-U FTP Server Release Notes", "trust": 0.8, "url": "http://www.serv-u.com/releasenotes/" }, { "title": "SolarWinds Serv-U File Server Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125149" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-006418" }, { "db": "CNNVD", "id": "CNNVD-200910-177" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-3655" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.serv-u.com/releasenotes/" }, { "trust": 1.6, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5798" }, { "trust": 1.6, "url": "http://secunia.com/advisories/36873" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3655" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3655" }, { "trust": 0.7, "url": 
"http://drupal.org/node/592490" }, { "trust": 0.7, "url": "http://drupal.org/node/592470" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/53553" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/36561" }, { "trust": 0.6, "url": "http://secunia.com/advisories/36925" }, { "trust": 0.6, "url": "http://osvdb.org/58424" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/36925/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/36873/" } ], "sources": [ { "db": "BID", "id": "79286" }, { "db": "JVNDB", "id": "JVNDB-2009-006418" }, { "db": "PACKETSTORM", "id": "81751" }, { "db": "PACKETSTORM", "id": "81782" }, { "db": "CNNVD", "id": "CNNVD-200910-177" }, { "db": "NVD", "id": "CVE-2009-3655" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "79286" }, { "db": "JVNDB", "id": "JVNDB-2009-006418" }, { "db": "PACKETSTORM", "id": "81751" }, { "db": "PACKETSTORM", "id": "81782" }, { "db": "CNNVD", "id": "CNNVD-200910-177" }, { "db": "NVD", "id": "CVE-2009-3655" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-10-09T00:00:00", "db": "BID", "id": "79286" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-006418" }, { "date": "2009-10-01T13:53:27", "db": "PACKETSTORM", "id": "81751" }, { "date": "2009-10-02T13:30:07", "db": "PACKETSTORM", "id": "81782" }, { "date": "2009-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-200910-177" }, { "date": 
"2009-10-09T14:30:00.593000", "db": "NVD", "id": "CVE-2009-3655" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-10-09T00:00:00", "db": "BID", "id": "79286" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-006418" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200910-177" }, { "date": "2024-11-21T01:07:54.417000", "db": "NVD", "id": "CVE-2009-3655" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200910-177" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rhino Software Serv-U Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-006418" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200910-177" } ], "trust": 0.6 } }
var-200212-0717
Vulnerability from variot
Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands. A denial-of-service vulnerability has been reported for Serv-U FTP server. The vulnerability results from the way Serv-U FTP Server processes certain commands. When the server receives an MKD command, it attempts to verify whether the user who issued the command has sufficient rights. While it performs this verification, it does not accept any new connections. An attacker who issues many such commands can prevent the server from accepting connections for an indefinite period of time, creating the denial-of-service condition.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200212-0717", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, 
"vendor": "serv u", "version": "3.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "4.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "3.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "3.0" }, { "model": "software serv-u", "scope": "ne", "trust": 0.3, "vendor": "rhino", "version": "4.1" } ], "sources": [ { "db": "BID", "id": "6112" }, { "db": "CNNVD", "id": "CNNVD-200212-716" }, { "db": "NVD", "id": "CVE-2002-2393" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Discovery of this vulnerability credited to Matt Thompson and Paul Smurthwaite.", "sources": [ { "db": "BID", "id": "6112" }, { "db": "CNNVD", "id": "CNNVD-200212-716" } ], "trust": 0.9 }, "cve": "CVE-2002-2393", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": 
"CVE-2002-2393", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2002-2393", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200212-716", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-200212-716" }, { "db": "NVD", "id": "CVE-2002-2393" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands. A denial of service vulnerability has been reported for Serv-U FTP server. The vulnerability is a result of Serv-U FTP Server processing certain commands. When the Serv-U server receives a MKD command it attempts to verify whether the user that issued the command has sufficient rights. When performing this verification, it will not accept any more connections. 
\nAn attacker that issues many such commands will prevent the server from accepting connections for an indefinite period of time thus creating the denial of service condition", "sources": [ { "db": "NVD", "id": "CVE-2002-2393" }, { "db": "BID", "id": "6112" } ], "trust": 1.17 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "6112", "trust": 1.9 }, { "db": "NVD", "id": "CVE-2002-2393", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-200212-716", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "6112" }, { "db": "CNNVD", "id": "CNNVD-200212-716" }, { "db": "NVD", "id": "CVE-2002-2393" } ] }, "id": "VAR-200212-0717", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-22T22:48:43.273000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SolarWinds Serv-U File Server Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125160" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-200212-716" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2002-2393" } ] }, "references": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0109.html" }, { "trust": 2.6, "url": "http://www.securityfocus.com/bid/6112" }, { "trust": 2.6, "url": "http://www.iss.net/security_center/static/10573.php" }, { "trust": 0.3, "url": "http://www.serv-u.com/" }, { "trust": 0.3, "url": "/archive/1/299087" } ], "sources": [ { "db": "BID", "id": "6112" }, { "db": "CNNVD", "id": "CNNVD-200212-716" }, { "db": "NVD", "id": "CVE-2002-2393" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "6112" }, { "db": "CNNVD", "id": "CNNVD-200212-716" }, { "db": "NVD", "id": "CVE-2002-2393" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2002-11-06T00:00:00", "db": "BID", "id": "6112" }, { "date": "2002-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-200212-716" }, { "date": "2002-12-31T05:00:00", "db": "NVD", "id": "CVE-2002-2393" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2002-11-06T00:00:00", "db": "BID", "id": "6112" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200212-716" }, { "date": "2024-11-20T23:43:34.730000", "db": "NVD", "id": "CVE-2002-2393" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200212-716" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SolarWinds Serv-U File Server Input validation error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200212-716" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200212-716" } ], "trust": 0.6 } }
var-200903-0362
Vulnerability from variot
The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument. RhinoSoft Serv-U is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue will allow attackers to deny service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. Serv-U 7.4.0.1 is vulnerable; other versions may also be affected.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200903-0362", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.0" }, { "model": "serv-u file server", "scope": "eq", 
"trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.4.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.4.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.2" }, { "model": "serv-u ftp server", "scope": "eq", "trust": 0.8, "vendor": "rhino", "version": "7.0.0.1 to 7.4.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.4.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.4.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.2.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.2.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.2" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 
0.6, "vendor": "serv u", "version": "7.3.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.3.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.3.0.2" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "7.4.0.1" } ], "sources": [ { "db": "BID", "id": "34127" }, { "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "db": "CNNVD", "id": "CNNVD-200903-324" }, { "db": "NVD", "id": "CVE-2009-0967" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:serv-u:serv-u", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005892" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jonathan Salwan submit@shell-storm.org", "sources": [ { "db": "CNNVD", "id": "CNNVD-200903-324" } ], "trust": 0.6 }, "cve": "CVE-2009-0967", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2009-0967", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2009-0967", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2009-0967", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200903-324", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "db": "CNNVD", "id": "CNNVD-200903-324" }, { "db": "NVD", "id": "CVE-2009-0967" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument. RhinoSoft Serv-U is prone to a remote denial-of-service vulnerability. \nSuccessfully exploiting this issue will allow attackers to deny service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. 
\nServ-U 7.4.0.1 is vulnerable; other versions may also be affected", "sources": [ { "db": "NVD", "id": "CVE-2009-0967" }, { "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "db": "BID", "id": "34127" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0967", "trust": 2.4 }, { "db": "BID", "id": "34127", "trust": 1.9 }, { "db": "EXPLOIT-DB", "id": "8212", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2009-005892", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200903-324", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "34127" }, { "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "db": "CNNVD", "id": "CNNVD-200903-324" }, { "db": "NVD", "id": "CVE-2009-0967" } ] }, "id": "VAR-200903-0362", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T23:13:07.853000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.serv-u.com/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005892" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "db": "NVD", "id": "CVE-2009-0967" } ] }, "references": 
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49260" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/34127" }, { "trust": 1.6, "url": "https://www.exploit-db.com/exploits/8212" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0967" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0967" }, { "trust": 0.3, "url": "http://www.serv-u.com/" } ], "sources": [ { "db": "BID", "id": "34127" }, { "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "db": "CNNVD", "id": "CNNVD-200903-324" }, { "db": "NVD", "id": "CVE-2009-0967" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34127" }, { "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "db": "CNNVD", "id": "CNNVD-200903-324" }, { "db": "NVD", "id": "CVE-2009-0967" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-03-16T00:00:00", "db": "BID", "id": "34127" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "date": "2009-03-19T00:00:00", "db": "CNNVD", "id": "CNNVD-200903-324" }, { "date": "2009-03-19T10:30:00.530000", "db": "NVD", "id": "CVE-2009-0967" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-11-20T17:05:00", "db": "BID", "id": "34127" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200903-324" }, { "date": 
"2024-11-21T01:01:21.797000", "db": "NVD", "id": "CVE-2009-0967" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200903-324" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Serv-U of FTP Service disruption at the server (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005892" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200903-324" } ], "trust": 0.6 } }
var-200810-0276
Vulnerability from variot
Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1". Serv-U FTP server is prone to a denial of service vulnerability. An attacker can exploit this vulnerability to cause the server to crash, effectively denying service to legitimate users. Serv-U FTP server 7.2.0.1 is vulnerable; other versions may also be affected.
TITLE: Serv-U File Renaming Directory Traversal and STOU Denial of Service
SECUNIA ADVISORY ID: SA32150
VERIFY ADVISORY: http://secunia.com/advisories/32150/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE: From remote
SOFTWARE: Serv-U File Server 7.x http://secunia.com/advisories/product/19573/
DESCRIPTION: dmnt has discovered two vulnerabilities in Serv-U, which can be exploited by malicious users to cause a DoS (Denial of Service) or compromise a vulnerable system.
1) An error in the handling of the "STOU" FTP command can be exploited to exhaust available CPU resources via a specially crafted argument (e.g. "CON:1").
2) An input validation error in the FTP service when renaming files can be exploited to overwrite or create arbitrary files with user-supplied content via directory traversal attacks.
The vulnerabilities are confirmed in version 7.3.0.0.
PROVIDED AND/OR DISCOVERED BY: dmnt
ORIGINAL ADVISORY: http://milw0rm.com/exploits/6660 http://milw0rm.com/exploits/6661
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200810-0276", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": 
"solarwinds", "version": "7.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.2" }, { "model": "serv-u ftp server", "scope": "eq", "trust": 0.8, "vendor": "rhino", "version": "7.0.0.1 to 7.2.0.1 including 7.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.2.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.2.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.2" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.4" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.3.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.3.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.3.0.2" 
}, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "7.2.0.1" } ], "sources": [ { "db": "BID", "id": "31556" }, { "db": "JVNDB", "id": "JVNDB-2008-006295" }, { "db": "CNNVD", "id": "CNNVD-200810-126" }, { "db": "NVD", "id": "CVE-2008-4500" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:serv-u:serv-u", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-006295" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "dmnt", "sources": [ { "db": "BID", "id": "31556" }, { "db": "CNNVD", "id": "CNNVD-200810-126" } ], "trust": 0.9 }, "cve": "CVE-2008-4500", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": 
"PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2008-4500", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2008-4500", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2008-4500", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200810-126", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-006295" }, { "db": "CNNVD", "id": "CNNVD-200810-126" }, { "db": "NVD", "id": "CVE-2008-4500" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using \"con:1\". Serv-U FTP server is prone to a denial of service vulnerability. \nAn attacker can exploit this vulnerability to cause the server to crash, effectively denying service to legitimate users. \nServ-U FTP server 7.2.0.1 is vulnerable; other versions may also be affected. 
----------------------------------------------------------------------\n\nDo you need accurate and reliable IDS / IPS / AV detection rules?\n\nGet in-depth vulnerability details:\nhttp://secunia.com/binary_analysis/sample_analysis/\n\n----------------------------------------------------------------------\n\nTITLE:\nServ-U File Renaming Directory Traversal and STOU Denial of Service\n\nSECUNIA ADVISORY ID:\nSA32150\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/32150/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nServ-U File Server 7.x\nhttp://secunia.com/advisories/product/19573/\n\nDESCRIPTION:\ndmnt has discovered two vulnerabilities in Serv-U, which can be\nexploited by malicious users to cause a DoS (Denial of Service) or\ncompromise a vulnerable system. \n\n1) An error in the handling of the \"STOU\" FTP command can be\nexploited to exhaust available CPU resources via a specially crafted\nargument (e.g. \"CON:1\"). \n\n2) An input validation error in the FTP service when renaming files\ncan be exploited to overwrite or create arbitrary files with\nuser-supplied content via directory traversal attacks. \n\nThe vulnerabilities are confirmed in version 7.3.0.0. \n\nPROVIDED AND/OR DISCOVERED BY:\ndmnt\n\nORIGINAL ADVISORY:\nhttp://milw0rm.com/exploits/6660\nhttp://milw0rm.com/exploits/6661\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2008-4500" }, { "db": "JVNDB", "id": "JVNDB-2008-006295" }, { "db": "BID", "id": "31556" }, { "db": "PACKETSTORM", "id": "70630" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-4500", "trust": 2.7 }, { "db": "BID", "id": "31556", "trust": 1.9 }, { "db": "SECUNIA", "id": "32150", "trust": 1.8 }, { "db": "EXPLOIT-DB", "id": "6660", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-2746", "trust": 1.6 }, { "db": "SREASON", "id": "4377", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2008-006295", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200810-126", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "6661", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "70630", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "31556" }, { "db": "JVNDB", "id": "JVNDB-2008-006295" }, { "db": "PACKETSTORM", "id": "70630" }, { "db": "CNNVD", "id": "CNNVD-200810-126" }, { "db": "NVD", "id": "CVE-2008-4500" } ] }, "id": "VAR-200810-0276", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T23:00:09.386000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": 
{ "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.serv-u.com/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-006295" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-006295" }, { "db": "NVD", "id": "CVE-2008-4500" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://securityreason.com/securityalert/4377" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/31556" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2008/2746" }, { "trust": 1.6, "url": "https://www.exploit-db.com/exploits/6660" }, { "trust": 1.6, "url": "http://secunia.com/advisories/32150" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4500" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4500" }, { "trust": 0.3, "url": "http://www.serv-u.com/" }, { "trust": 0.1, "url": "http://milw0rm.com/exploits/6660" }, { "trust": 0.1, "url": "http://secunia.com/binary_analysis/sample_analysis/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/32150/" }, { "trust": 0.1, "url": "http://milw0rm.com/exploits/6661" }, { "trust": 0.1, "url": 
"http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/19573/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "BID", "id": "31556" }, { "db": "JVNDB", "id": "JVNDB-2008-006295" }, { "db": "PACKETSTORM", "id": "70630" }, { "db": "CNNVD", "id": "CNNVD-200810-126" }, { "db": "NVD", "id": "CVE-2008-4500" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "31556" }, { "db": "JVNDB", "id": "JVNDB-2008-006295" }, { "db": "PACKETSTORM", "id": "70630" }, { "db": "CNNVD", "id": "CNNVD-200810-126" }, { "db": "NVD", "id": "CVE-2008-4500" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-10-03T00:00:00", "db": "BID", "id": "31556" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-006295" }, { "date": "2008-10-06T22:35:25", "db": "PACKETSTORM", "id": "70630" }, { "date": "2008-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-200810-126" }, { "date": "2008-10-09T00:00:01.180000", "db": "NVD", "id": "CVE-2008-4500" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-05-07T17:22:00", "db": "BID", "id": "31556" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-006295" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200810-126" }, { "date": "2024-11-21T00:51:49.830000", "db": "NVD", "id": "CVE-2008-4500" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": 
"CNNVD", "id": "CNNVD-200810-126" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Serv-U Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-006295" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200810-126" } ], "trust": 0.6 } }
var-200511-0474
Vulnerability from variot
Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities. Serv-U FTP server is prone to an unspecified denial of service vulnerability. This issue is most likely due to a failure in the application to handle exceptional conditions. Specific details regarding this issue are not currently available; this BID will be updated as more information becomes available. An attacker can exploit this vulnerability to cause the server to crash, effectively denying service to legitimate users.
TITLE: Serv-U FTP Server Potential Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA17409
VERIFY ADVISORY: http://secunia.com/advisories/17409/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: Serv-U FTP Server 6.x http://secunia.com/product/5878/
DESCRIPTION: A vulnerability has been reported in Serv-U, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
NOTE: The ZLib and OpenSSL libraries have also been changed to version v1.2.3 and v0.9.8a respectively.
SOLUTION: Update to version 6.1.0.4. http://www.serv-u.com/dn.asp
PROVIDED AND/OR DISCOVERED BY: Reported by vendor.
ORIGINAL ADVISORY: http://www.serv-u.com/releasenotes.asp
OTHER REFERENCES: SA17151: http://secunia.com/advisories/17151/
SA16137: http://secunia.com/advisories/16137/
SA15949: http://secunia.com/advisories/15949/
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200511-0474", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": 
"solarwinds", "version": "6.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.9" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.0.0.16" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.0.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.11" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "6.0.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.1.0.0" }, { "model": "serv-u file server", "scope": "lte", "trust": 1.0, "vendor": "solarwinds", "version": "6.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.0.0.17" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": 
"6.0.0.2" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.2.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "6.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.2.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "6.0.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.0.0.9" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "6.0.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.0.0.11" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "6.1.0.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "6.1.0.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "6.1.0.0" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "6.0.0.2" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "6.0.0.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "6.0" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.2.0.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.2.0.0" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.1.0" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.0.0.9" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.0.0.6" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.0.0.4" }, { "model": "software 
serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.2" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.1.0.11" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "3.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "3.0" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "2.5" }, { "model": "software serv-u", "scope": "ne", "trust": 0.3, "vendor": "rhino", "version": "6.1.0.4" } ], "sources": [ { "db": "BID", "id": "15273" }, { "db": "CNNVD", "id": "CNNVD-200511-049" }, { "db": "NVD", "id": "CVE-2005-3467" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "RhinoSoft", "sources": [ { "db": "CNNVD", "id": "CNNVD-200511-049" } ], "trust": 0.6 }, "cve": "CVE-2005-3467", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": 
"nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2005-3467", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2005-3467", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200511-049", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-200511-049" }, { "db": "NVD", "id": "CVE-2005-3467" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of \"~\" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities. Serv-U FTP server is prone to an unspecified denial of service vulnerability. This issue is most likely due to a failure in the application to handle exceptional conditions. \nSpecific details regarding this issue are not currently available, this BID will be updated as more information becomes available. \nAn attacker can exploit this vulnerability to cause the server to crash, effectively denying service to legitimate users. 
\n\nTITLE:\nServ-U FTP Server Potential Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA17409\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17409/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nServ-U FTP Server 6.x\nhttp://secunia.com/product/5878/\n\nDESCRIPTION:\nA vulnerability has been reported in Serv-U, which potentially can be\nexploited by malicious people to cause a DoS (Denial of Service). \n\nNOTE: The ZLib and OpenSSL libraries have also been changed to\nversion v1.2.3 and v0.9.8a respectively. \n\nSOLUTION:\nUpdate to version 6.1.0.4. \nhttp://www.serv-u.com/dn.asp\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by vendor. \n\nORIGINAL ADVISORY:\nhttp://www.serv-u.com/releasenotes.asp\n\nOTHER REFERENCES:\nSA17151:\nhttp://secunia.com/advisories/17151/\n\nSA16137:\nhttp://secunia.com/advisories/16137/\n\nSA15949:\nhttp://secunia.com/advisories/15949/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2005-3467" }, { "db": "BID", "id": "15273" }, { "db": "PACKETSTORM", "id": "41190" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "15273", "trust": 1.9 }, { "db": "SECUNIA", "id": "17409", "trust": 1.7 }, { "db": "NVD", "id": "CVE-2005-3467", "trust": 1.6 }, { "db": "SECTRACK", "id": "1015151", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2005-2267", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-200511-049", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "41190", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "15273" }, { "db": "PACKETSTORM", "id": "41190" }, { "db": "CNNVD", "id": "CNNVD-200511-049" }, { "db": "NVD", "id": "CVE-2005-3467" } ] }, "id": "VAR-200511-0474", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T20:00:54.008000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "RhinoSoft Serv-U FTP Server Unrecognized denial of service vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125153" } ], "sources": [ { "db": "CNNVD", "id": 
"CNNVD-200511-049" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2005-3467" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.serv-u.com/releasenotes.asp" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2005/2267" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/15273" }, { "trust": 1.6, "url": "http://secunia.com/advisories/17409" }, { "trust": 1.6, "url": "http://securitytracker.com/id?1015151" }, { "trust": 0.3, "url": "http://www.serv-u.com/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/16137/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/15949/" }, { "trust": 0.1, "url": "http://www.serv-u.com/dn.asp" }, { "trust": 0.1, "url": "http://secunia.com/advisories/17409/" }, { "trust": 0.1, "url": "http://secunia.com/product/5878/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/17151/" } ], "sources": [ { "db": "BID", "id": "15273" }, { "db": "PACKETSTORM", "id": "41190" }, { "db": "CNNVD", "id": "CNNVD-200511-049" }, { "db": "NVD", "id": "CVE-2005-3467" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "15273" }, { "db": "PACKETSTORM", "id": "41190" }, { "db": "CNNVD", "id": 
"CNNVD-200511-049" }, { "db": "NVD", "id": "CVE-2005-3467" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-11-02T00:00:00", "db": "BID", "id": "15273" }, { "date": "2005-11-03T01:02:14", "db": "PACKETSTORM", "id": "41190" }, { "date": "2005-11-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200511-049" }, { "date": "2005-11-02T23:02:00", "db": "NVD", "id": "CVE-2005-3467" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-11-02T00:00:00", "db": "BID", "id": "15273" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200511-049" }, { "date": "2024-11-21T00:01:58.023000", "db": "NVD", "id": "CVE-2005-3467" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200511-049" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "RhinoSoft Serv-U FTP Server Unknown denial of service vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200511-049" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200511-049" } ], "trust": 0.6 } }
var-200409-0066
Vulnerability from variot
Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX. Serv-U FTP Server is reported prone to a denial of service vulnerability. This issue presents itself because the application fails to handle exceptional conditions. The vulnerability is a result of Serv-U FTP Server processing certain 'STOU' commands. All versions of Serv-U prior to 5.2.0.1 are reportedly affected by this vulnerability. Note: the affected-products records in this entry disagree on 5.2.0.1 (one source lists it as affected, another as not affected), so confirm the fixed version with the vendor before relying on it.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200409-0066", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.0" }, { "model": "serv-u file server", "scope": "eq", 
"trust": 1.0, "vendor": "solarwinds", "version": "5.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.11" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.9" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.2.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "4.1.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.2.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "4.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.0.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.0.0.9" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "4.0.0.4" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.0.0.4" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.0.0.11" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.2.0.0" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.1.0" }, { "model": "software 
serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.0.0.9" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.0.0.6" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.2" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.1.0.11" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "3.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "3.0" }, { "model": "software serv-u", "scope": "ne", "trust": 0.3, "vendor": "rhino", "version": "5.2.0.1" } ], "sources": [ { "db": "BID", "id": "11155" }, { "db": "CNNVD", "id": "CNNVD-200409-022" }, { "db": "NVD", "id": "CVE-2004-1675" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Discovery is credited to Patrick \u003cpatrickthomassen@gmail.com\u003e.", "sources": [ { "db": "BID", "id": "11155" }, { "db": "CNNVD", "id": "CNNVD-200409-022" } ], "trust": 0.9 }, "cve": "CVE-2004-1675", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2004-1675", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2004-1675", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200409-022", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-200409-022" }, { "db": "NVD", "id": "CVE-2004-1675" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX. Serv-U FTP Server is reported prone to a denial of service vulnerability. This issue presents itself because the application fails to handle exceptional conditions. \nThe vulnerability is a result of Serv-U FTP Server processing certain \u0027STOU\u0027 commands. 
\nAll versions of Serv-U prior to 5.2.0.1 are reportedly affected by this vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2004-1675" }, { "db": "BID", "id": "11155" } ], "trust": 1.17 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "11155", "trust": 1.9 }, { "db": "NVD", "id": "CVE-2004-1675", "trust": 1.6 }, { "db": "SECUNIA", "id": "12507", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-200409-022", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "11155" }, { "db": "CNNVD", "id": "CNNVD-200409-022" }, { "db": "NVD", "id": "CVE-2004-1675" } ] }, "id": "VAR-200409-0066", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-08-14T14:35:51.998000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SolarWinds Serv-U File Server Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125156" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-200409-022" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2004-1675" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", 
"data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://www.securityfocus.com/bid/11155" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17329" }, { "trust": 1.6, "url": "http://secunia.com/advisories/12507/" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=109495074211638\u0026w=2" }, { "trust": 0.6, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-1675" }, { "trust": 0.3, "url": "http://www.serv-u.com/" }, { "trust": 0.3, "url": "/archive/1/374888" } ], "sources": [ { "db": "BID", "id": "11155" }, { "db": "CNNVD", "id": "CNNVD-200409-022" }, { "db": "NVD", "id": "CVE-2004-1675" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "11155" }, { "db": "CNNVD", "id": "CNNVD-200409-022" }, { "db": "NVD", "id": "CVE-2004-1675" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-09-11T00:00:00", "db": "BID", "id": "11155" }, { "date": "2004-09-11T00:00:00", "db": "CNNVD", "id": "CNNVD-200409-022" }, { "date": "2004-09-11T04:00:00", "db": "NVD", "id": "CVE-2004-1675" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-09-11T00:00:00", "db": "BID", "id": "11155" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200409-022" }, { "date": "2020-07-28T14:34:51.580000", "db": "NVD", "id": "CVE-2004-1675" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": 
"CNNVD-200409-022" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SolarWinds Serv-U File Server Input validation error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200409-022" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200409-022" } ], "trust": 0.6 } }
var-200404-0080
Vulnerability from variot
Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read. Serv-U is reportedly affected by a remote buffer overflow vulnerability in the list parameter. The issue is due to the application failing to properly validate buffer boundaries while processing user input. Successful exploitation would immediately produce a denial-of-service condition in the affected process. The issue might also be leveraged to execute code on the affected system with the privileges of the user that invoked the vulnerable application, although this has not been confirmed. The NVD CVSS v2 vector in the record below (AV:N/AC:L/Au:N/C:N/I:N/A:P, MEDIUM) scores only the availability impact.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200404-0080", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "lte", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.0.0.4" }, { "model": "serv-u file server", "scope": "eq", 
"trust": 1.0, "vendor": "solarwinds", "version": "4.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "5.0.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.0.0.16" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.0.0.17" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.1.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.0.0.17" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "4.1.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.0.0.16" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "4.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.1.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.0.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "4.0.0.4" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "5.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.2" }, { "model": "software 
serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.1.0.11" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "4.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "3.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "3.0" }, { "model": "software serv-u", "scope": "ne", "trust": 0.3, "vendor": "rhino", "version": "5.0.0.6" } ], "sources": [ { "db": "BID", "id": "10181" }, { "db": "CNNVD", "id": "CNNVD-200404-075" }, { "db": "NVD", "id": "CVE-2004-1992" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "storm storm@stormdev.net", "sources": [ { "db": "CNNVD", "id": "CNNVD-200404-075" } ], "trust": 0.6 }, "cve": "CVE-2004-1992", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2004-1992", "impactScore": 2.9, 
"integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2004-1992", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200404-075", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-200404-075" }, { "db": "NVD", "id": "CVE-2004-1992" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read. Reportedly Serv-U is affected by a remote buffer overflow vulnerability in the list parameter. This issue is due to a failure of the application to properly validate buffer boundaries during processing of user input. \nSuccessful exploitation would immediately produce a denial of service condition in the affected process. 
This issue may also be leveraged to execute code on the affected system with the privileges of the user that invoked the vulnerable application, although this has not been confirmed", "sources": [ { "db": "NVD", "id": "CVE-2004-1992" }, { "db": "BID", "id": "10181" } ], "trust": 1.17 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "10181", "trust": 1.9 }, { "db": "NVD", "id": "CVE-2004-1992", "trust": 1.6 }, { "db": "SECTRACK", "id": "1009869", "trust": 1.6 }, { "db": "OSVDB", "id": "5546", "trust": 1.6 }, { "db": "SECUNIA", "id": "11430", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-200404-075", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "10181" }, { "db": "CNNVD", "id": "CNNVD-200404-075" }, { "db": "NVD", "id": "CVE-2004-1992" } ] }, "id": "VAR-200404-0080", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T22:15:35.231000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SolarWinds Serv-U File Server Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125155" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-200404-075" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": 
"CWE-119", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2004-1992" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://www.securiteam.com/windowsntfocus/5zp0g2kcka.html" }, { "trust": 1.6, "url": "http://secunia.com/advisories/11430" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=108360377119290\u0026w=2" }, { "trust": 1.6, "url": "http://marc.info/?l=ntbugtraq\u0026m=108359620108234\u0026w=2" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/10181" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15913" }, { "trust": 1.6, "url": "http://securitytracker.com/id?1009869" }, { "trust": 1.6, "url": "http://www.osvdb.org/5546" }, { "trust": 0.3, "url": "http://www.serv-u.com/" } ], "sources": [ { "db": "BID", "id": "10181" }, { "db": "CNNVD", "id": "CNNVD-200404-075" }, { "db": "NVD", "id": "CVE-2004-1992" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "10181" }, { "db": "CNNVD", "id": "CNNVD-200404-075" }, { "db": "NVD", "id": "CVE-2004-1992" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-04-20T00:00:00", "db": "BID", "id": "10181" }, { "date": "2004-04-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200404-075" }, { "date": "2004-04-20T04:00:00", "db": "NVD", "id": "CVE-2004-1992" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-04-20T00:00:00", "db": "BID", "id": "10181" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": 
"CNNVD-200404-075" }, { "date": "2024-11-20T23:52:14.560000", "db": "NVD", "id": "CVE-2004-1992" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200404-075" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SolarWinds Serv-U File Server Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200404-075" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200404-075" } ], "trust": 0.6 } }
var-200412-0928
Vulnerability from variot
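Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename. The immediate consequences of this issue may be a denial of service. An attacker may be able to leverage this condition to execute arbitrary code in the context of the affected service, but this has not been confirmed. RhinoSoft Serv-U FTP Server is reportedly prone to a buffer overflow. The issue exists when a 'site chmod' command is issued on a nonexistent file. Execution of arbitrary code may be possible. This text combines the NVD description with two BID entries (9675 and 9483, per the record below), which is why code execution is stated as fact in the first sentence and as unconfirmed afterwards. The NVD CVSS v2 vector in the record (AV:N/AC:M/Au:S/C:C/I:C/A:C, HIGH) indicates that an authenticated session is required.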
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200412-0928", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "lte", "trust": 1.0, "vendor": "solarwinds", "version": "4.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.0" }, { "model": "serv-u file server", "scope": "eq", 
"trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.0.0.16" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "4.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.1.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "3.0.0.17" }, { "model": "software serv-u", "scope": "eq", "trust": 0.6, "vendor": "rhino", "version": "4.1.0.11" }, { "model": "software serv-u", "scope": "eq", "trust": 0.6, "vendor": "rhino", "version": "4.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.6, "vendor": "rhino", "version": "4.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.6, "vendor": "rhino", "version": "3.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.1.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.0.0.17" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "4.1.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.0.0.16" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "4.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.1.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "3.1.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "4.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "5.0.0.4" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "3.0" }, { "model": "software serv-u", 
"scope": "ne", "trust": 0.3, "vendor": "rhino", "version": "4.2" } ], "sources": [ { "db": "BID", "id": "9675" }, { "db": "BID", "id": "9483" }, { "db": "CNNVD", "id": "CNNVD-200412-440" }, { "db": "NVD", "id": "CVE-2004-2111" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "kkqq kkqq@0x557.org", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-440" } ], "trust": 0.6 }, "cve": "CVE-2004-2111", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.8, "id": "CVE-2004-2111", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2004-2111", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200412-440", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-440" }, { "db": "NVD", "id": "CVE-2004-2111" } ] }, "description": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename. The immediate consequences of this issue may be a denial of service. An attacker may be able to leverage this condition to execute arbitrary code in the context of the affected service, but this has not been confirmed. RhinoSoft Serv-U FTP Server is reportedly prone to a buffer overflow. The issue exists when a \u0027site chmod\u0027 command is issued on a non-existant file. Execution of arbitrary code may be possible", "sources": [ { "db": "NVD", "id": "CVE-2004-2111" }, { "db": "BID", "id": "9675" }, { "db": "BID", "id": "9483" } ], "trust": 1.44 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2004-2111", "trust": 2.2 }, { "db": "BID", "id": "9675", "trust": 1.9 }, { "db": "BID", "id": "9483", "trust": 1.9 }, { "db": "SECTRACK", "id": "1008841", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-200412-440", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "9675" }, { "db": "BID", "id": "9483" }, { "db": "CNNVD", "id": "CNNVD-200412-440" }, { "db": "NVD", "id": "CVE-2004-2111" } ] }, "id": "VAR-200412-0928", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T22:43:45.331000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SolarWinds Serv-U File Server Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125158" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-440" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2004-2111" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=107513654005840\u0026w=2" }, { "trust": 1.6, "url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/9483" }, { "trust": 1.6, "url": "http://securitytracker.com/id?1008841" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/9675" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14931" }, { "trust": 0.6, "url": "http://www.serv-u.com/" }, { "trust": 0.3, "url": "http://www.securityfocus.com/archive/82/354209/2004-02-14/2004-02-20/0" }, { "trust": 0.3, "url": "http://support.coresecurity.com/impact/exploits/c52bc27fc64926728837098d76813550.html" }, { "trust": 0.3, "url": "http://www.0x557.org/release/servu.txt" } ], "sources": [ { "db": "BID", "id": "9675" }, { "db": "BID", "id": "9483" }, { "db": "CNNVD", "id": "CNNVD-200412-440" }, { "db": "NVD", "id": "CVE-2004-2111" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": 
"9675" }, { "db": "BID", "id": "9483" }, { "db": "CNNVD", "id": "CNNVD-200412-440" }, { "db": "NVD", "id": "CVE-2004-2111" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-02-16T00:00:00", "db": "BID", "id": "9675" }, { "date": "2004-01-24T00:00:00", "db": "BID", "id": "9483" }, { "date": "2004-01-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200412-440" }, { "date": "2004-12-31T05:00:00", "db": "NVD", "id": "CVE-2004-2111" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-11-15T00:37:00", "db": "BID", "id": "9675" }, { "date": "2009-07-12T02:06:00", "db": "BID", "id": "9483" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200412-440" }, { "date": "2024-11-20T23:52:31.207000", "db": "NVD", "id": "CVE-2004-2111" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "9675" }, { "db": "BID", "id": "9483" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SolarWinds Serv-U File Server Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-440" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "9675" }, { "db": "BID", "id": "9483" } ], "trust": 0.6 } }
cve-2022-38106
Vulnerability from cvelistv5
Vendor | Product | Version
---|---|---
SolarWinds | Serv-U File Server | 15.3.0
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2022-38106", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-15T13:23:01.263837Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-15T20:33:42.146Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T10:45:52.842Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106", "tags": [ "x_transferred" ], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106" }, { "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106", "tags": [ "x_transferred" ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106" }, { "name": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm", "tags": [ "x_transferred" ], "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Serv-U File Server", "vendor": "SolarWinds", "versions": [ { "status": "affected", "version": "15.3.0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nThis vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. \n\n" } ], "value": "\nThis vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. 
\n\n" } ], "impacts": [ { "capecId": "CAPEC-63", "descriptions": [ { "lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-15T00:27:54.327174Z", "orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds" }, "references": [ { "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106", "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106" }, { "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106" }, { "name": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm", "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nSolarWinds advises to upgrade to the latest version of Serv-U File Server 15.3.2 once became generally available.\n\n\u003cbr\u003e" } ], "value": "\nSolarWinds advises to upgrade to the latest version of Serv-U File Server 15.3.2 once became generally available.\n\n\n" } ], "source": { "discovery": "UNKNOWN" }, "title": "Cross-Site 
Scripting Vulnerability in Serv-U Web Client ", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "cveId": "CVE-2022-38106", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-08-09T00:00:00", "dateUpdated": "2024-08-03T10:45:52.842Z", "serial": 1, "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }