Multiple FTP Server Traversal Arbitrary File/Directory Access

Medium Nessus Plugin ID 11466


The remote FTP server allows arbitrary file access


The remote FTP server allows anybody to switch to the root directory and read potentialy sensitive files.


If this is Thomas Krebs Nite Server, upgrade to version 1.85 or later.
Otherwise contact your vendor for the appropriate patch.

See Also

Plugin Details

Severity: Medium

ID: 11466

File Name: niteserver_ftp_dir_trav.nasl

Version: $Revision: 1.28 $

Type: remote

Family: FTP

Published: 2003/03/25

Modified: 2016/11/23

Dependencies: 10092, 10079

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:C

Vulnerability Information

Required KB Items: ftp/login, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2003/08/06

Reference Information

CVE: CVE-2003-1349

BID: 6648

OSVDB: 2126, 51637

CWE: 22