ID CVE-2001-1335 Type cve Reporter NVD Modified 2008-09-10T15:10:19
Description
Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot).
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1335", "history": [], "references": ["http://www.iss.net/security_center/static/6606.php", "http://www.securityfocus.com/bid/2786", "http://archives.neohapsis.com/archives/bugtraq/2001-05/0252.html"], "lastseen": "2016-09-03T03:11:42", "bulletinFamily": "NVD", "title": "CVE-2001-1335", "cpe": ["cpe:/a:aclogic:cesarftp:0.98b"], "viewCount": 1, "id": "CVE-2001-1335", "hash": "81ce2722787695fe7712417c923bd5900f75ed54445e5f15e6d22d89453ccf20", "description": "Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot).", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2001-1335"], "scanner": [], "modified": "2008-09-10T15:10:19", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2001-05-27T00:00:00", "enchantments": {"vulnersScore": 5.0}}
{"result": {"exploitdb": [{"id": "EDB-ID:20884", "type": "exploitdb", "title": "ACLogic CesarFTP 0.98b - Directory Traversal Vulnerability", "description": "ACLogic CesarFTP 0.98 b Directory Traversal Vulnerability. CVE-2001-1335. Remote exploit for windows platform", "published": "2001-05-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/20884/", "cvelist": ["CVE-2001-1335"], "lastseen": "2016-02-02T15:12:37"}], "osvdb": [{"id": "OSVDB:8982", "type": "osvdb", "title": "CesarFTP GET Modified Triple Dot Arbitrary File Access", "description": "## Vulnerability Description\nCesarFTP contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the GET command.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nCesarFTP contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the GET command.\n## Manual Testing Notes\nVisit a directory to which you have access.\n\nFor example, if the directory were named \"RESTRICTED\", entering the following would grant access to the victim's harddrive:\n\nftp://[victim]/RESTRICTED/...%5c/\n## References:\nSecurity Tracker: 1001624\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-05/0252.html\nKeyword: Directory Traversal\nISS X-Force ID: 6606\n[CVE-2001-1335](https://vulners.com/cve/CVE-2001-1335)\nBugtraq ID: 2786\n", "published": "2001-05-28T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:8982", "cvelist": ["CVE-2001-1335"], "lastseen": "2017-04-28T13:20:04"}], "nessus": [{"id": "FTP_TRAVERSAL.NASL", "type": "nessus", "title": "FTP Server Traversal Arbitrary File Access", "description": "The remote FTP server allows users to browse the entire remote disk by issuing commands with traversal style characters. An attacker could exploit this flaw to gain access to arbitrary files.", "published": "2002-08-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=11112", "cvelist": ["CVE-2001-1335", "CVE-2004-1679", "CVE-2001-0680", "CVE-2001-0582"], "lastseen": "2016-10-11T01:26:01"}, {"id": "CESARFTP_OVERFLOWS.NASL", "type": "nessus", "title": "CesarFTP Multiple Vulnerabilities (OF, File Access, more)", "description": "The remote host is running CesarFTP, an FTP server for Windows systems. \n\nThere are multiple flaws in this version of CesarFTP that could allow an attacker to execute arbitrary code on this host, or simply to disable this server remotely.", "published": "2003-06-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=11755", "cvelist": ["CVE-2001-1335", "CVE-2003-0329", "CVE-2001-1336", "CVE-2004-0298", "CVE-2006-2961", "CVE-2001-0826"], "lastseen": "2016-10-07T21:24:02"}]}}
