Vulnerability CVE-2001-0263


Published: 2001-06-18   Modified: 2012-02-12

Description:
Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the "show relative paths" option is not enabled.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
VENDOR -> PRODUCT 
Gene6 -> G6 ftp server 

 References:
http://www.atstake.com/research/advisories/2001/a040301-1.txt
http://www.securityfocus.com/bid/2537
https://exchange.xforce.ibmcloud.com/vulnerabilities/6330

Copyright 2024, cxsecurity.com

 

Back to Top