FileZilla Server < 0.7.1 Directory Traversal

MEDIUM Log Correlation Engine Plugin ID 800648

Synopsis

The version of FileZilla Server used by this host is vulnerable to information disclosure via directory traversal.

Description

The version of FileZilla Server in use on this host is vulnerable to information disclosure via directory traversal. By submitting relative path references (i.e. '/../' or '..' sequences) in an FTP command, an attacker can obtain access to files outside the root directory tree.
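One way to detect the behaviour described above, as an added example (not the plugin's own logic and not FileZilla code): resolve each FTP path argument against the session's virtual working directory and flag any command whose '..' segments climb above the root. The command set, function names and sample session are assumptions constructed for illustration.

```python
# Added example: flag FTP commands whose path argument climbs above the virtual root.
# PATH_COMMANDS is an assumed, non-exhaustive set of commands that take a path.
PATH_COMMANDS = {"CWD", "RETR", "STOR", "LIST", "NLST", "SIZE", "MDTM", "DELE", "MKD", "RMD"}

def resolve(cwd, arg):
    """Resolve arg against cwd (a list of segments). Return (segments, escaped)."""
    arg = arg.replace("\\", "/")          # a Windows server may accept both separators
    segments = [] if arg.startswith("/") else list(cwd)
    escaped = False
    for part in arg.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if segments:
                segments.pop()
            else:
                escaped = True            # '..' at the root points outside the tree
        else:
            segments.append(part)         # names such as 'notes..txt' are ordinary segments
    return segments, escaped

def flag_traversal(commands):
    """Walk one session's commands in order; return those that escape the root."""
    cwd, hits = [], []
    for line in commands:
        verb, _, arg = line.strip().partition(" ")
        if verb.upper() not in PATH_COMMANDS or not arg:
            continue
        target, escaped = resolve(cwd, arg)
        if escaped:
            hits.append(line)
        elif verb.upper() == "CWD":
            cwd = target                  # follow only directory changes that stay inside the root
    return hits

# Constructed sample session (not real server output).
SAMPLE = [
    "CWD /pub/docs",
    "RETR ../readme.txt",          # resolves to /pub/readme.txt, inside the root
    "RETR ../../../secret.txt",    # three levels up from depth two
    "CWD ..",
    "LIST ..\\..\\",               # backslash form, issued from /pub
    "RETR /../outside.txt",        # absolute path containing '/../'
    "RETR notes..txt",             # '..' inside a file name is not traversal
]

if __name__ == "__main__":
    for hit in flag_traversal(SAMPLE):
        print("traversal:", hit)
```

Tracking the working directory matters: a bare substring match on '..' would also flag the legitimate `RETR ../readme.txt` and the file name `notes..txt`.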

Solution

Upgrade to FileZilla Server 0.7.1 or higher.

See Also

sf.net/projects/filezilla/

Plugin Details

Severity: MEDIUM

ID: 800648

File Name: 800648.prm

Family: FTP Servers

Published: 2013/05/22

Risk Information

Risk Factor: MEDIUM

CVSSv2

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2002/05/28

Vulnerability Publication Date: 2002/05/28

Reference Information

BID: 4865