CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
80.1%
Surge FTP Server 2.0a contains a directory traversal vulnerability.
Surge FTP Server 2.0a allows remote users to list files outside the FTP root directory.
Attackers may list files from directories to which access was not granted.
Upgrade to version 2.0b, available at:
<http://www.netwinsite.com/surgeftp>
219043
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: December 20, 2001 Updated: January 16, 2002
Affected
“Surgeftp has many settings, and you can configure it to give you access to the entire filesystem with access rights of the username that you logged in with, which works great when you have it all set up correctly, unfortunately Windows isn’t configured in the best way (from fresh install) for the access rights to work correctly.”
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23219043 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Sentry Research Labs for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
CVE IDs: | CVE-2001-0698 |
---|---|
Severity Metric: | 1.84 Date Public: |