Lucene search

[email protected]CVE-2010-4149

HistoryNov 02, 2010 - 2:26 a.m.

CVE-2010-4149

2010-11-0202:26:23

CWE-22

[email protected]

web.nvd.nist.gov

cve-2010-4149

directory traversal

freshwebmaster fresh ftp

security vulnerability

arbitrary file write

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.4%

JSON

Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, 5.37, and possibly earlier, allows remote FTP servers to write arbitrary files via a "…" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

freshwebmasterfresh_ftpRange≤5.37

freshwebmasterfresh_ftpMatch5.36

CPENameOperatorVersion
freshwebmaster:fresh_ftpfreshwebmaster fresh ftple5.37
freshwebmaster:fresh_ftpfreshwebmaster fresh ftpeq5.36

CPE	Name	Operator	Version
freshwebmaster:fresh_ftp	freshwebmaster fresh ftp	le	5.37
freshwebmaster:fresh_ftp	freshwebmaster fresh ftp	eq	5.36

References

packetstormsecurity.org/1010-exploits/freshftp-traversal.txt

secunia.com/advisories/41798

www.htbridge.ch/advisory/directory_traversal_vulnerability_in_freshftp.html

www.osvdb.org/68667

www.securityfocus.com/archive/1/514259/100/0/threaded

www.securityfocus.com/bid/44072

exchange.xforce.ibmcloud.com/vulnerabilities/62555

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.4%

JSON

Related for CVE-2010-4149

openvas2 nvd1 htbridge1 prion1 cvelist1