9.3
CVE-2008-2702
- EPSS 10.7%
- Veröffentlicht 13.06.2008 19:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:15
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginDirectory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.7% | 0.952 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
http://secunia.com/advisories/30559
http://vuln.sg/alftp41b2-en.html
http://www.securityfocus.com/bid/29585
http://www.vupen.com/english/advisories/2008/1763/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42900