CVE-1999-0997

1999-12-2005:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.125

Percentile

95.5%

JSON

wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.

Affected configurations

Nvd

Node

millenux_gmbhanonftpMatch2.8.1

university_of_washingtonwu-ftpdMatch2.4.2

university_of_washingtonwu-ftpdMatch2.5.0

university_of_washingtonwu-ftpdMatch2.6.0

Node

redhatlinuxMatch5.2

redhatlinuxMatch6.0

redhatlinuxMatch6.1

VendorProductVersionCPE
millenux_gmbhanonftp2.8.1cpe:2.3:a:millenux_gmbh:anonftp:2.8.1:*:*:*:*:*:*:*
university_of_washingtonwu-ftpd2.4.2cpe:2.3:a:university_of_washington:wu-ftpd:2.4.2:*:*:*:*:*:*:*
university_of_washingtonwu-ftpd2.5.0cpe:2.3:a:university_of_washington:wu-ftpd:2.5.0:*:*:*:*:*:*:*
university_of_washingtonwu-ftpd2.6.0cpe:2.3:a:university_of_washington:wu-ftpd:2.6.0:*:*:*:*:*:*:*
redhatlinux5.2cpe:2.3:o:redhat:linux:5.2:*:*:*:*:*:*:*
redhatlinux6.0cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*
redhatlinux6.1cpe:2.3:o:redhat:linux:6.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
millenux_gmbh	anonftp	2.8.1	cpe:2.3:a:millenux_gmbh:anonftp:2.8.1:::::::*
university_of_washington	wu-ftpd	2.4.2	cpe:2.3:a:university_of_washington:wu-ftpd:2.4.2:::::::*
university_of_washington	wu-ftpd	2.5.0	cpe:2.3:a:university_of_washington:wu-ftpd:2.5.0:::::::*
university_of_washington	wu-ftpd	2.6.0	cpe:2.3:a:university_of_washington:wu-ftpd:2.6.0:::::::*
redhat	linux	5.2	cpe:2.3:o:redhat:linux:5.2:::::::*
redhat	linux	6.0	cpe:2.3:o:redhat:linux:6.0:::::::*
redhat	linux	6.1	cpe:2.3:o:redhat:linux:6.1:::::::*