Lucene search

[email protected]CVE-2010-2695

HistoryJul 12, 2010 - 5:30 p.m.

CVE-2010-2695

2010-07-1217:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2010-2695

directory traversal

xlight ftp server

sftp

ssh2

vulnerability

nvd

6.6 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.8%

JSON

Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via … (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands.

CPENameOperatorVersion
xlightftpd:xlight_ftp_serverxlightftpd xlight ftp servereq3.5
xlightftpd:xlight_ftp_serverxlightftpd xlight ftp servereq3.5.5

CPE	Name	Operator	Version
xlightftpd:xlight_ftp_server	xlightftpd xlight ftp server	eq	3.5
xlightftpd:xlight_ftp_server	xlightftpd xlight ftp server	eq	3.5.5

References

osvdb.org/66037

secunia.com/advisories/40473

www.securityfocus.com/archive/1/512192/100/0/threaded

www.xlightftpd.com/whatsnew.htm

exchange.xforce.ibmcloud.com/vulnerabilities/60151

6.6 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.8%

JSON

Related for CVE-2010-2695

prion1 nessus1 openvas1 cvelist1