Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1380

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-1380
Last Modified 05 Sep 2008 04:36:47
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1380

Summary

Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command.

Vulnerable Systems


References

XF - bisonftp-ls-view-files(11347)

BID - 6873

BUGTRAQ - 20030217 [immune advisory] Mulitple vulnerabilities found in BisonFTP


Last Updated: 27 May 2016 10:38:20