Multiple FTP Server Traversal Arbitrary File/Directory Access

medium Nessus Plugin ID 11466

Synopsis

The remote FTP server allows arbitrary file access.

Description

The remote FTP server allows anybody to switch to the root directory and read potentially sensitive files.

Solution

If this is Thomas Krebs Nite Server, upgrade to version 1.85 or later.
Otherwise, contact your vendor for the appropriate patch.

See Also

https://seclists.org/vulnwatch/2003/q1/23

Plugin Details

Severity: Medium

ID: 11466

File Name: niteserver_ftp_dir_trav.nasl

Version: 1.34

Type: remote

Family: FTP

Published: 3/25/2003

Updated: 2/11/2022

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2003-1349

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport, ftp/login

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/6/2003

Reference Information

CVE: CVE-2003-1349

BID: 6648

CWE: 22