openvas | Copyright (C) 2010 Greenbone AG | OPENVAS:1361412562310801626
History: Nov 16, 2010 - 12:00 a.m.

Robo-FTP Directory Traversal Vulnerability

2010-11-16 00:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
15

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.6%

Robo-FTP is prone to a directory traversal vulnerability.

# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# Metadata section: when the scanner runs this script with `description` set,
# only the registration calls below are executed and the script leaves through
# exit(0) before reaching the version check further down.
if(description)
{
  # Identity and bookkeeping of this test.
  script_oid("1.3.6.1.4.1.25623.1.0.801626");
  script_version("2023-07-28T16:09:07+0000");
  script_tag(name:"last_modification", value:"2023-07-28 16:09:07 +0000 (Fri, 28 Jul 2023)");
  script_tag(name:"creation_date", value:"2010-11-16 10:37:01 +0100 (Tue, 16 Nov 2010)");
  # Vulnerability identifier and its CVSS v2 base score / vector.
  script_cve_id("CVE-2010-4095");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_name("Robo-FTP Directory Traversal Vulnerability");
  # Third-party advisories backing the finding.
  script_xref(name:"URL", value:"http://secunia.com/advisories/41809");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44073");
  script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/62548");
  script_xref(name:"URL", value:"http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_robo_ftp.html");

  # The finding is declared as version-based: the check in this file only
  # compares a stored version string and never exercises the flaw, so a
  # back-ported fix or a wrongly detected version would not be noticed here.
  script_tag(name:"qod_type", value:"executable_version");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_family("General");
  # "Robo/FTP/Ver" is the same KB key the check reads; it is presumably
  # populated by the detection script named here (not shown in this file).
  script_dependencies("gb_robo_ftp_client_detect.nasl");
  script_mandatory_keys("Robo/FTP/Ver");
  # NOTE(review): the impact text mentions upload as well as download, while
  # the insight text only describes downloaded files being written outside the
  # intended directory on the client - confirm against the referenced advisories.
  script_tag(name:"impact", value:"Successful exploitation will allow attacker to download or upload arbitrary
  files. This may aid in further attacks.");
  # The boundary stated here (3.7.5) is the same value used as test_version
  # and fixed_version in the check; keep the three in sync when editing.
  script_tag(name:"affected", value:"Robo-FTP versions prior to 3.7.5.");
  script_tag(name:"insight", value:"This flaw is due to an input validation error when downloading
  directories containing files with directory traversal specifiers in the
  filename. This can be exploited to download files to an arbitrary location
  on a user's system.");
  script_tag(name:"solution", value:"Upgrade to Robo-FTP version 3.7.5 or later.");
  script_tag(name:"summary", value:"Robo-FTP is prone to a directory traversal vulnerability.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name:"URL", value:"http://www.robo-ftp.com/download/");
  # End of metadata: stop here so the check is not run in description mode.
  exit(0);
}


include("version_func.inc");

# Version-only check: compare the Robo-FTP version stored under the
# "Robo/FTP/Ver" KB key with the first fixed release. The flaw itself is
# never exercised; the result is only as reliable as the stored version.
fixedVer = "3.7.5";
installedVer = get_kb_item("Robo/FTP/Ver");

# No version recorded for this host: nothing to evaluate.
if(installedVer == NULL)
  exit(0);

# Report only when the installed version predates the fixed release.
if(version_is_less(version:installedVer, test_version:fixedVer))
{
  # The result is reported against port 0 rather than a service port.
  security_message(port: 0, data: report_fixed_ver(installed_version:installedVer, fixed_version:fixedVer));
}
