Wing FTP Server HTTP Directory Traversal Vulnerability

2010-04-28T00:00:00
ID SSV:19523
Type seebug
Reporter Root
Modified 2010-04-28T00:00:00

Description

Christian Navarrete has discovered a vulnerability in Wing FTP Server, which can be exploited by malicious people to disclose sensitive information.

The vulnerability is caused due to an input validation error when processing HTTP requests. This can be exploited to access files outside the web root folder via directory traversal attacks.

The vulnerability is confirmed in version 3.4.3 on a Windows system. Other versions may also be affected.

Wing FTP Server 3.x Filter malicious requests using a proxy.