Lucene search

[email protected]CVE-2008-2779

HistoryJun 19, 2008 - 8:41 p.m.

CVE-2008-2779

2008-06-1920:41:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-2779

directory traversal

globalscape cuteftp

ftp server

arbitrary file creation

code execution

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.1%

JSON

Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via …\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Affected configurations

NVD

Node

globalscapecuteftpMatch8.2.0home

globalscapecuteftpMatch8.2.0pro

CPENameOperatorVersion
globalscape:cuteftpglobalscape cuteftpeq8.2.0

CPE	Name	Operator	Version
globalscape:cuteftp	globalscape cuteftp	eq	8.2.0

References

secunia.com/advisories/29760

vuln.sg/cuteftp820-en.html

www.securitytracker.com/id?1020113

www.vupen.com/english/advisories/2008/1653/references

exchange.xforce.ibmcloud.com/vulnerabilities/42633

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.1%

JSON

Related for CVE-2008-2779

prion8 cvelist9 nvd9 cert1 cve8 securityvulns2