Lucene search

[email protected]CVE-2008-5275

HistoryNov 28, 2008 - 7:00 p.m.

CVE-2008-5275

2008-11-2819:00:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-5275

directory traversal

net2ftp

code execution

tar

zip

nvd

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.035 Low

EPSS

Percentile

91.5%

JSON

Multiple directory traversal vulnerabilities in the (a) “Unzip archive” and (b) “Upload files and archives” functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a … (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.

CPENameOperatorVersion
net2ftp:net2ftpnet2ftpeq0.97
net2ftp:net2ftpnet2ftpeq0.96

CPE	Name	Operator	Version
net2ftp:net2ftp	net2ftp	eq	0.97
net2ftp:net2ftp	net2ftp	eq	0.96

References

secunia.com/advisories/30611

vuln.sg/net2ftp096-en.html

www.securityfocus.com/bid/29664

exchange.xforce.ibmcloud.com/vulnerabilities/42994

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.035 Low

EPSS

Percentile

91.5%

JSON

Related for CVE-2008-5275

cvelist1 prion1