Lucene search

[email protected]CVE-2010-2695

HistoryJul 12, 2010 - 5:30 p.m.

CVE-2010-2695

2010-07-1217:30:02

CWE-22

[email protected]

web.nvd.nist.gov

cve-2010-2695

directory traversal

xlight ftp server

sftp

ssh2

vulnerability

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.9%

JSON

Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via … (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands.

Affected configurations

NVD

Node

xlightftpdxlight_ftp_serverMatch3.5

xlightftpdxlight_ftp_serverMatch3.5.5

CPENameOperatorVersion
xlightftpd:xlight_ftp_serverxlightftpd xlight ftp servereq3.5
xlightftpd:xlight_ftp_serverxlightftpd xlight ftp servereq3.5.5

CPE	Name	Operator	Version
xlightftpd:xlight_ftp_server	xlightftpd xlight ftp server	eq	3.5
xlightftpd:xlight_ftp_server	xlightftpd xlight ftp server	eq	3.5.5

References

osvdb.org/66037

secunia.com/advisories/40473

www.securityfocus.com/archive/1/512192/100/0/threaded

www.xlightftpd.com/whatsnew.htm

exchange.xforce.ibmcloud.com/vulnerabilities/60151

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.9%

JSON

Related for CVE-2010-2695

nessus1 openvas1 prion1 nvd1 cvelist1