Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1221

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-1221
Last Modified 05 Sep 2008 05:37:10
Published 10 Mar 2008 01:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1221

Summary

Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command.

Vulnerable Systems

Application

  • Microworld Technologies Escan 9.0.742.98

  • Microworld Technologies Escan Management Console 9.0.742.1

  • Microworld Technologies Escan Server 9.0.742.1


References

XF - escan-filename-directory-traversal(41033)

BID - 28127

BUGTRAQ - 20080306 Directory traversal in MicroWorld eScan Server 9.0.742.98

SECUNIA - 29246

MISC - http://aluigi.altervista.org/adv/escaz-adv.txt

SREASON - 3723


Last Updated: 27 May 2016 10:47:04