Lucene search

[email protected]CVE-2013-3922

HistoryNov 25, 2013 - 7:55 p.m.

CVE-2013-3922

2013-11-2519:55:03

CWE-22

[email protected]

web.nvd.nist.gov

cve-2013-3922

gummy bear studios

ftp drive

http server

directory traversal

remote attackers

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

Directory traversal vulnerability in Gummy Bear Studios FTP Drive + HTTP Server 1.0.4 and earlier allows remote attackers to read arbitrary files via a …%2f (encoded dot dot slash) in a GET request.

Affected configurations

NVD

Node

gummybearstudiosftp_drive_\+_http_serverRange≤1.0.4

CPENameOperatorVersion
gummybearstudios:ftp_drive_\+_http_servergummybearstudios ftp drive + http serverle1.0.4

CPE	Name	Operator	Version
gummybearstudios:ftp_drive_\+_http_server	gummybearstudios ftp drive + http server	le	1.0.4

References

exchange.xforce.ibmcloud.com/vulnerabilities/89161

www.trustwave.com/spiderlabs/advisories/TWSL2013-032.txt

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for CVE-2013-3922

cvelist1 nvd1 prion1