Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0676

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0676
Last Modified 05 Sep 2008 04:39:05
Published 06 Aug 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0676

Summary

Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter.

Vulnerable Systems

Application

  • Fastream Netfile Ftp Web Server 6.5.1.980

  • Fastream Netfile Ftp Web Server 6.5.1.981

  • Fastream Netfile Ftp Web Server 6.7.2.1085


References

BID - 10658

XF - fastream-mkdir-file-upload(16613)

MISC - http://www.haxorcitos.com/Fastream_advisory.txt

BUGTRAQ - 20040704 Fastream NETFile FTP/Web Server Input validation Errors


Last Updated: 27 May 2016 10:38:42