Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2008-5692
Last Modified 07 Mar 2011 10:14:58
Published 19 Dec 2008 01:30:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5692

Summary

Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.

Vulnerable Systems

Application

  • Ipswitch Ws Ftp 1.0.5

  • Ipswitch Ws Ftp 2.01

  • Ipswitch Ws Ftp 2.02

  • Ipswitch Ws Ftp 2.03

  • Ipswitch Ws Ftp 3.0

  • Ipswitch Ws Ftp 3.0.1

  • Ipswitch Ws Ftp 3.1.0

  • Ipswitch Ws Ftp 3.1.1

  • Ipswitch Ws Ftp 3.1.2

  • Ipswitch Ws Ftp 3.1.3

  • Ipswitch Ws Ftp 3.14

  • Ipswitch Ws Ftp 4.00

  • Ipswitch Ws Ftp 4.01

  • Ipswitch Ws Ftp 4.02

  • Ipswitch Ws Ftp 5.00

  • Ipswitch Ws Ftp 5.01

  • Ipswitch Ws Ftp 5.02

  • Ipswitch Ws Ftp 5.03

  • Ipswitch Ws Ftp 5.04

  • Ipswitch Ws Ftp 5.05

  • Ipswitch Ws Ftp 6.0

  • Ipswitch Ws Ftp 6.1


References

VUPEN - ADV-2008-0473

BID - 27654

BUGTRAQ - 20080206 Re: Logs visualization in WS_FTP Server Manager 6.1.0.0

BUGTRAQ - 20080206 Logs visualization in WS_FTP Server Manager 6.1.0.0

SREASON - 4799

SECUNIA - 28822

CONFIRM - http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12

MISC - http://aluigi.altervista.org/adv/wsftpweblog-adv.txt


Last Updated: 27 May 2016 10:48:53