5

CVE-2008-5693

Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character.

Data is provided by the National Vulnerability Database (NVD)
IpswitchWs Ftp Version <= 6.1
IpswitchWs Ftp Version1.0.5
IpswitchWs Ftp Version2.01
IpswitchWs Ftp Version2.02
IpswitchWs Ftp Version2.03
IpswitchWs Ftp Version3.0
IpswitchWs Ftp Version3.0.1
IpswitchWs Ftp Version3.1.0
IpswitchWs Ftp Version3.1.1
IpswitchWs Ftp Version3.1.2
IpswitchWs Ftp Version3.1.3
IpswitchWs Ftp Version3.14
IpswitchWs Ftp Version4.00
IpswitchWs Ftp Version4.01
IpswitchWs Ftp Version4.02
IpswitchWs Ftp Version5.00
IpswitchWs Ftp Version5.01
IpswitchWs Ftp Version5.02
IpswitchWs Ftp Version5.03
IpswitchWs Ftp Version5.04
IpswitchWs Ftp Version5.05
IpswitchWs Ftp Version6.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.164
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.