Lucene search

[email protected]CVE-2008-6424

HistoryMar 06, 2009 - 6:30 p.m.

CVE-2008-6424

2009-03-0618:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2008

6424

ffftp

directory traversal

remote servers

ftp

list command

file creation

file overwrite

security vulnerability

8.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:C/A:C

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.4%

JSON

Directory traversal vulnerability in FFFTP 1.96b allows remote FTP servers to create or overwrite arbitrary files via a response to an FTP LIST command with a filename that contains a … (dot dot).

Affected configurations

NVD

Node

jun_sotaffftpMatch1.96b

CPENameOperatorVersion
jun_sota:ffftpjun sota ffftpeq1.96b

CPE	Name	Operator	Version
jun_sota:ffftp	jun sota ffftp	eq	1.96b

References

osvdb.org/45894

secunia.com/advisories/30428

vuln.sg/FFFTP196b-en.html

www.securityfocus.com/bid/29459

www.vupen.com/english/advisories/2008/1708/references

exchange.xforce.ibmcloud.com/vulnerabilities/42796

8.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:C/A:C

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.4%

JSON

Related for CVE-2008-6424

openvas2 prion1 cvelist1 nvd1