TwinFTP < 1.0.3 R3 Server Directory Traversal File Access

Medium Nessus Network Monitor Plugin ID 2279

Synopsis

The remote host is vulnerable to a directory traversal flaw.

Description

The remote host is running TwinFTP FTP Server, which is reported to be prone to a directory traversal issue. An attacker may read and write files outside the FTP server root directory with the privileges of the FTP server process.

Solution

Upgrade to TwinFTP Enterprise or Standard 1.0.3 R3 or higher.

Plugin Details

Severity: Medium

ID: 2279

Family: FTP Servers

Published: 2004/09/13

Modified: 2016/01/21

Dependencies: 1803, 1804, 3222

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.4

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

CVSSv3

Base Score: 6.5

Temporal Score: 6.5

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Reference Information

CVE: CVE-2001-1335, CVE-2004-1679

BID: 2786, 11159