NETFile FTP/Web Server Directory Traversal Arbitrary File Access

medium Nessus Plugin ID 18223

Synopsis

The remote web server is vulnerable to a directory traversal attack.

Description

The version of NETFile FTP/Web Server installed on the remote host is prone to directory traversal attacks. Specifically, an attacker can use a specially crafted URL to create directories outside the server's folder path. The attacker may also be able to delete arbitrary files and directories on the remote host.

Solution

Configure NETFile with tighter file and folder rights for users and groups, or upgrade to NETFile FTP/Web Server version 7.5.0 Beta 7 or later.

See Also

http://www.security.org.sg/vuln/netfileftp746.html

Plugin Details

Severity: Medium

ID: 18223

File Name: netfile_ftpd_traversal.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 5/14/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:fastream:netfile_ftp_web_server

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/26/2005

Reference Information

BID: 13388