FTP Server Traversal Arbitrary File Access

Medium - Nessus Plugin ID 11112

Synopsis

The remote FTP server is susceptible to a directory traversal attack.

Description

The remote FTP server allows users to browse the entire remote disk by issuing commands that contain traversal-style characters. An attacker could exploit this flaw to gain access to arbitrary files.

Solution

Contact your vendor for the latest version of the FTP software.

See Also

http://www.nessus.org/u?83ccf5c4

https://seclists.org/bugtraq/2001/May/248

https://seclists.org/bugtraq/2004/Sep/119

https://seclists.org/bugtraq/2001/May/35

Plugin Details

Severity: Medium

ID: 11112

File Name: ftp_traversal.nasl

Version: 1.60

Type: remote

Family: FTP

Published: 8/27/2002

Updated: 2/26/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2001-0582

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Vulnerability Information

Required KB Items: ftp/login

Excluded KB Items: ftp/ncftpd, ftp/msftpd

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/13/2001

Reference Information

CVE: CVE-2001-0582, CVE-2001-0680, CVE-2001-1335, CVE-2004-1679

BID: 11159, 2618, 2786, 38756, 44759, 5168