Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5693

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-5693
Last Modified 18 Feb 2009 01:25:21
Published 19 Dec 2008 01:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5693

Summary

Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character.

Vulnerable Systems

Application

  • Ipswitch Ws Ftp 1.0.5

  • Ipswitch Ws Ftp 2.01

  • Ipswitch Ws Ftp 2.02

  • Ipswitch Ws Ftp 2.03

  • Ipswitch Ws Ftp 3.0

  • Ipswitch Ws Ftp 3.0.1

  • Ipswitch Ws Ftp 3.1.0

  • Ipswitch Ws Ftp 3.1.1

  • Ipswitch Ws Ftp 3.1.2

  • Ipswitch Ws Ftp 3.1.3

  • Ipswitch Ws Ftp 3.14

  • Ipswitch Ws Ftp 4.00

  • Ipswitch Ws Ftp 4.01

  • Ipswitch Ws Ftp 4.02

  • Ipswitch Ws Ftp 5.00

  • Ipswitch Ws Ftp 5.01

  • Ipswitch Ws Ftp 5.02

  • Ipswitch Ws Ftp 5.03

  • Ipswitch Ws Ftp 5.04

  • Ipswitch Ws Ftp 5.05

  • Ipswitch Ws Ftp 6.0

  • Ipswitch Ws Ftp 6.1


References

XF - wsftpserver-wsftpsvr-info-disclosure(47677)

BID - 27654

BUGTRAQ - 20080206 Re: Logs visualization in WS_FTP Server Manager 6.1.0.0

BUGTRAQ - 20080206 Logs visualization in WS_FTP Server Manager 6.1.0.0

SREASON - 4799

MISC - http://aluigi.altervista.org/adv/wsftpweblog-adv.txt


Last Updated: 27 May 2016 10:48:53