{"id": "CVE-2001-0295", "bulletinFamily": "NVD", "title": "CVE-2001-0295", "description": "Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a \"dir *./../..\" command.", "published": "2001-05-03T04:00:00", "modified": "2016-10-18T02:10:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0295", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/2444", "http://marc.info/?l=bugtraq&m=98390925726814&w=2", "http://www.osvdb.org/874", "http://support.jgaa.com/?cmd=ShowArticle&ID=31"], "cvelist": ["CVE-2001-0295"], "type": "cve", "lastseen": "2019-05-29T18:07:37", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "61fcc551e68d4bee05f124ef823323be"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "a79bf943b9471e458e0e68d2e3aa59b9"}, {"key": "cpe23", "hash": "c6f209164ecb6860d3f88b6da937520c"}, {"key": "cvelist", "hash": "8ba88906d7c3588aff355bf4f5e85fdc"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "f30109dfdbfbf783c0b61792a6b2c20a"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "ebf690ce10b663af9d7bb92b58124339"}, {"key": "href", "hash": "88b028cbfea15047e00cbbb1f8ea2dd3"}, {"key": "modified", "hash": "19774a6ef4779ca3daf799694a0c2404"}, {"key": "published", "hash": "947a86afb71a339ff9a1217343c0e431"}, {"key": "references", "hash": "8879b0bb1cbf4efb6f9a5cc7ee0ec8d5"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "42ecde065a6c0b790d158eed3d537bac"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "1c9dcf26c83652d56c4c78b2dd919d0546ab3bf83ac66c0dce2cc450843f2825", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:874"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231011206", "OPENVAS:11206"]}, {"type": "exploitdb", "idList": ["EDB-ID:20661"]}, {"type": "nessus", "idList": ["DDI_WARFTPD_DIR_TRAVERSAL.NASL"]}], "modified": "2019-05-29T18:07:37"}, "score": {"value": 5.5, "vector": "NONE", "modified": "2019-05-29T18:07:37"}, "vulnersScore": 5.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:jarle_aase:war_ftpd:1.67b04"], "affectedSoftware": [{"name": "jarle_aase war_ftpd", "operator": "eq", "version": "1.67b04"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:jarle_aase:war_ftpd:1.67b04:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"exploitdb": [{"lastseen": "2016-02-02T14:44:55", "bulletinFamily": "exploit", "description": "Jarle Aase War FTPD 1.67 b04 Directory Traversal Vulnerability. CVE-2001-0295. Remote exploit for windows platform", "modified": "2001-03-06T00:00:00", "published": "2001-03-06T00:00:00", "id": "EDB-ID:20661", "href": "https://www.exploit-db.com/exploits/20661/", "type": "exploitdb", "title": "jarle aase war ftpd 1.67 b04 - Directory Traversal Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/2444/info\r\n\r\nA remote user could gain read access to directories outside of the ftp root in a Jarle Aase War FTPD Server. Once a user is logged into the server, a specially crafted 'dir' command will disclose an arbitrary directory. This vulnerability could allow an attacker to gain read access to various files residing on the target machine. \r\n\r\ndir *./../.. ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/20661/"}], "openvas": [{"lastseen": "2019-05-29T18:31:58", "bulletinFamily": "scanner", "description": "The version of WarFTPd running on this host contains a vulnerability that\n may allow a potential intruder to gain read access to directories and files\n outside of the ftp root. By sending a specially crafted ", "modified": "2019-02-06T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231011206", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231011206", "title": "War FTP Daemon Directory Traversal", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: DDI_warftpd_dir_traversal.nasl 13499 2019-02-06 12:55:20Z cfischer $\n# Description: War FTP Daemon Directory Traversal\n#\n# Authors:\n# Erik Tayler <erik@digitaldefense.net>\n#\n# Copyright:\n# Copyright (C) 2003 Digital Defense, Inc.\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.11206\");\n script_version(\"$Revision: 13499 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-06 13:55:20 +0100 (Wed, 06 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(2444);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2001-0295\");\n script_name(\"War FTP Daemon Directory Traversal\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2003 Digital Defense, Inc.\");\n script_family(\"FTP\");\n script_dependencies(\"ftpserver_detect_type_nd_version.nasl\");\n script_require_ports(\"Services/ftp\", 21);\n script_mandatory_keys(\"ftp/war_ftpd/detected\");\n\n script_xref(name:\"URL\", value:\"ftp://ftp.jgaa.com/pub/products/Windows/WarFtpDaemon/\");\n\n script_tag(name:\"solution\", value:\"Visit the referenced link and download the latest version of WarFTPd.\");\n\n script_tag(name:\"summary\", value:\"The version of WarFTPd running on this host contains a vulnerability that\n may allow a potential intruder to gain read access to directories and files\n outside of the ftp root. By sending a specially crafted 'dir' command,\n the server may disclose an arbitrary directory.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"ftp_func.inc\");\n\nport = get_ftp_port(default:21);\nr = get_ftp_banner(port:port);\nif(!r)exit(0);\n\nif( egrep(pattern:\"WAR-FTPD 1\\.(6[0-5]|[0-5].*)\", string:r) || \"WAR-FTPD 1.67-04\" >< r ) {\n security_message(port:port);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-02T21:10:07", "bulletinFamily": "scanner", "description": "The version of WarFTPd running on this host contains a vulnerability that\nmay allow a potential intruder to gain read access to directories and files\noutside of the ftp root. By sending a specially crafted 'dir' command, \nthe server may disclose an arbitrary directory.", "modified": "2017-05-01T00:00:00", "published": "2005-11-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=11206", "id": "OPENVAS:11206", "title": "War FTP Daemon Directory Traversal", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: DDI_warftpd_dir_traversal.nasl 6053 2017-05-01 09:02:51Z teissa $\n# Description: War FTP Daemon Directory Traversal\n#\n# Authors:\n# Erik Tayler <erik@digitaldefense.net>\n#\n# Copyright:\n# Copyright (C) 2003 Digital Defense, Inc.\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The version of WarFTPd running on this host contains a vulnerability that\nmay allow a potential intruder to gain read access to directories and files\noutside of the ftp root. By sending a specially crafted 'dir' command, \nthe server may disclose an arbitrary directory.\";\n\ntag_solution = \"Visit the following link and download the latest version of WarFTPd:\n\nftp://ftp.jgaa.com/pub/products/Windows/WarFtpDaemon/\";\n\n\nif(description)\n{\n\tscript_id(11206);\n\tscript_version(\"$Revision: 6053 $\");\n\tscript_tag(name:\"last_modification\", value:\"$Date: 2017-05-01 11:02:51 +0200 (Mon, 01 May 2017) $\");\n\tscript_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n\tscript_bugtraq_id(2444);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\t\n\tscript_cve_id(\"CVE-2001-0295\");\n\t\n\tname = \"War FTP Daemon Directory Traversal\";\n\tscript_name(name);\n\n\n\tsummary = \"WarFTPd Directory Traversal\";\n\tscript_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\tscript_copyright(\"This script is Copyright (C) 2003 Digital Defense, Inc.\");\n\tfamily = \"FTP\";\n\tscript_family(family);\n\tscript_dependencies(\"find_service_3digits.nasl\");\n\tscript_require_ports(\"Services/ftp\", 21);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n\texit(0);\n}\n\ninclude(\"ftp_func.inc\");\n\nport = get_kb_item(\"Services/ftp\");\n\nif(!port)port = 21;\n\nif(get_port_state(port))\n{\n\tr = get_ftp_banner(port:port);\n\tif(!r)exit(0);\n\n\tif( (egrep(pattern:\"WAR-FTPD 1\\.(6[0-5]|[0-5].*)\",string:r)) || (\"WAR-FTPD 1.67-04\" >< r) )\n\t{\n\t\tsecurity_message(port);\n\t}\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:19:55", "bulletinFamily": "software", "description": "## Vulnerability Description\nWarFTPd contains a flaw that allows a remote attacker to obtain arbitrary directory listings outside of the FTP root path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the \"dir\" command.\n## Solution Description\nUpgrade to version 1.67 b5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nWarFTPd contains a flaw that allows a remote attacker to obtain arbitrary directory listings outside of the FTP root path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the \"dir\" command.\n## Manual Testing Notes\nftp [victim]\n\nftp> dir *./../..\n200 Port command okay.\n150 Opening ASCII NO-PRINT mode data connection \nfor ls *./../...\ntotal 123\n## References:\nVendor URL: http://www.jgaa.com/index.php?menu=154\n[Vendor Specific Advisory URL](http://support.jgaa.com/?cmd=ShowArticle&ID=31&PHPSESSID=aa1c35465afde3e0ac6abf9df0c691e0)\n[Nessus Plugin ID:11206](https://vulners.com/search?query=pluginID:11206)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-03/0042.html\nKeyword: Directory Traversal\nISS X-Force ID: 6197\n[CVE-2001-0295](https://vulners.com/cve/CVE-2001-0295)\nBugtraq ID: 2444\n", "modified": "2001-03-06T00:00:00", "published": "2001-03-06T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:874", "id": "OSVDB:874", "title": "WarFTPd Arbitrary Directory Listing", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2019-11-01T02:03:43", "bulletinFamily": "scanner", "description": "The version of WarFTPd running on this host contains a vulnerability\nthat may allow a potential intruder to gain read access to directories\nand files outside of the ftp root. By sending a specially crafted\n", "modified": "2019-11-02T00:00:00", "id": "DDI_WARFTPD_DIR_TRAVERSAL.NASL", "href": "https://www.tenable.com/plugins/nessus/11206", "published": "2003-01-22T00:00:00", "title": "WarFTPd dir Command Traversal Arbitrary Directory Listing", "type": "nessus", "sourceData": "#\n# This script was written by Erik Tayler <erik@digitaldefense.net>\n#\n# See the Nessus Scripts License for details\n#\n# Changes by Tenable:\n# - Revised plugin title (2/04/2009)\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n\tscript_id(11206);\n\tscript_version(\"1.18\");\n\n\tscript_cve_id(\"CVE-2001-0295\");\n\tscript_bugtraq_id(2444);\n\t\n\tscript_name(english:\"WarFTPd dir Command Traversal Arbitrary Directory Listing\");\n\tscript_summary(english:\"WarFTPd Directory Traversal\");\n\n\tscript_set_attribute(attribute:\"synopsis\", value:\n\"The remote FTP service is prone to directory traversal attack.\");\n\tscript_set_attribute(attribute:\"description\", value:\n\"The version of WarFTPd running on this host contains a vulnerability\nthat may allow a potential intruder to gain read access to directories\nand files outside of the ftp root. By sending a specially crafted\n'dir' command, the server may disclose an arbitrary directory.\");\n\tscript_set_attribute(attribute:\"see_also\", value:\n\"https://seclists.org/bugtraq/2001/Mar/72\");\n\tscript_set_attribute(attribute:\"solution\", value:\n\"Upgrade to WarFTPd version 1.67 b5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\tscript_set_attribute(attribute:\"plugin_publication_date\", value:\n\"2003/01/22\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2001/03/06\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\n\tscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n\tscript_end_attributes();\n\n\tscript_category(ACT_ATTACK);\n\tscript_copyright(english:\"This script is Copyright (C) 2003-2011 Digital Defense, Inc.\");\n\tscript_family(english:\"FTP\");\n\tscript_dependencies(\"ftpserver_detect_type_nd_version.nasl\");\n\tscript_require_ports(\"Services/ftp\", 21);\n\texit(0);\n}\n\ninclude(\"ftp_func.inc\");\n\nport = get_ftp_port(default: 21);\n\nr = get_ftp_banner(port:port);\nif (! r) exit(1);\n\n\tif( (egrep(pattern:\"WAR-FTPD 1\\.(6[0-5]|[0-5].*)\",string:r)) || (\"WAR-FTPD 1.67-04\" >< r) )\n\t{\n\t\tsecurity_warning(port);\n\t}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}