Test ID: 1.3.6.1.4.1.25623.1.0.10933
Category: FTP
Title: EFTP tells if a given file exists
Summary: The remote FTP server can be used to determine whether a given file exists on the remote host, by adding dot-dot-slashes in front of its path.
Description:
Summary:
The remote FTP server can be used to determine whether a given
file exists on the remote host, by adding dot-dot-slashes in front of its path.

Vulnerability Insight:
For instance, it is possible to determine the presence
of \autoexec.bat by using the command SIZE or MDTM on ../../../../autoexec.bat

Vulnerability Impact:
An attacker may use this flaw to gain more knowledge about
this host, such as its file layout. This flaw is especially useful when combined with other vulnerabilities.

Solution:
Update your EFTP server to 2.0.8.348 or replace it.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Reference: BugTraq ID: 3333
Common Vulnerability Exposure (CVE) ID: CVE-2001-1109
BugTraq ID: 3331
http://www.securityfocus.com/bid/3331
http://www.securityfocus.com/bid/3333
Bugtraq: 20010912 EFTP Version 2.0.7.337 vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/213647
http://www.eftp.org/releasehistory.html
XForce ISS Database: eftp-list-directory-traversal(7113)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7113
XForce ISS Database: eftp-quote-reveal-information(7114)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7114
Copyright: Copyright (C) 2001 Michel Arboi

© 1998-2024 E-Soft Inc. All rights reserved.