Golden FTP Server <= 2.60 LS Command Traversal Information Disclosure

medium Nessus Plugin ID 18615


The remote FTP server is affected by information disclosure flaws.


The version of Golden FTP Server installed on the remote host is prone to multiple information disclosure vulnerabilities. Specifically, an authenticated attacker can list the contents of the application directory, which provides a list of valid users, and learn the absolute path of any shared directories.


Upgrade to Golden FTP Server 2.70 or later.

Plugin Details

Severity: Medium

ID: 18615

File Name: golden_ftp_server_ls_dir_traversal.nasl

Version: 1.28

Type: remote

Family: FTP

Published: 7/5/2005

Updated: 2/26/2019

Risk Information


Risk Factor: Low

Score: 1.4


Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2005-2142


Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:kmint21_software:golden_ftp_server

Required KB Items: ftp/login, ftp/password

Excluded KB Items: ftp/msftpd, ftp/ncftpd, ftp/fw1ftpd, ftp/vxftpd

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/1/2005

Reference Information

CVE: CVE-2005-2142

BID: 14124