cnvd - cnvd-2017-03691

cnvd-2017-03691

Vulnerability from cnvd

Title

Easy File Sharing FTP Server目录遍历漏洞

Description

EFS Software Easy File Sharing FTP Server是荷兰EFS Software公司的一套简单易用功能强大的FTP Server软件。 Easy File Sharing FTP Server存在目录遍历漏洞，该漏洞源于未能充分验证用户输入。远程攻击者可以利用特制的路径遍历序列（‘../’）检索敏感信息并修改任意文件。

Severity

中

Formal description

目前没有详细的解决方案提供： https://www.rapid7.com/db/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp

Reference

https://www.rapid7.com/db/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp http://www.securityfocus.com/bid/96944

Impacted products

Name
EFS Software Easy File Sharing FTP Server 3.6

Show details on source website

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96944"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6510"
    }
  },
  "description": "EFS Software Easy File Sharing FTP Server\u662f\u8377\u5170EFS Software\u516c\u53f8\u7684\u4e00\u5957\u7b80\u5355\u6613\u7528\u529f\u80fd\u5f3a\u5927\u7684FTP Server\u8f6f\u4ef6\u3002\r\n\r\nEasy File Sharing FTP Server\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u7279\u5236\u7684\u8def\u5f84\u904d\u5386\u5e8f\u5217\uff08\u2018../\u2019\uff09\u68c0\u7d22\u654f\u611f\u4fe1\u606f\u5e76\u4fee\u6539\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "Ahmed Elhady Mohamed",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttps://www.rapid7.com/db/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-03691",
  "openTime": "2017-03-30",
  "products": {
    "product": "EFS Software Easy File Sharing FTP Server 3.6"
  },
  "referenceLink": "https://www.rapid7.com/db/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp\r\nhttp://www.securityfocus.com/bid/96944",
  "serverity": "\u4e2d",
  "submitTime": "2017-03-21",
  "title": "Easy File Sharing FTP Server\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e"
}

CVE-2017-6510 (GCVE-0-2017-6510)

Vulnerability from cvelistv5

Published

2017-03-16 14:00

Modified

2024-08-05 15:33

Severity ?

CWE

n/a

Summary

Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory.

References

URL

Tags

	http://www.securityfocus.com/bid/96944	vdb-entry, x_refsource_BID
	https://www.rapid7.com/db/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:33:20.025Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96944",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96944"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.rapid7.com/db/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-03-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-20T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "96944",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96944"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.rapid7.com/db/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-6510",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96944",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96944"
            },
            {
              "name": "https://www.rapid7.com/db/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp",
              "refsource": "MISC",
              "url": "https://www.rapid7.com/db/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-6510",
    "datePublished": "2017-03-16T14:00:00",
    "dateReserved": "2017-03-07T00:00:00",
    "dateUpdated": "2024-08-05T15:33:20.025Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.