CVE-2009-4053

Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/37381	Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54303	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:home_ftp_server_project:home_ftp_server:1.10.1.139:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-11-23 17:30

Updated : 2024-01-26 17:54

NVD link : CVE-2009-4053

Mitre link : CVE-2009-4053

CVE.ORG link : CVE-2009-4053

JSON object : View

Products Affected

home_ftp_server_project

home_ftp_server

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2009-4053", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2009-11-23T17:30:00.767", "references": [{"url": "http://secunia.com/advisories/37381", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54303", "tags": ["Third Party Advisory", "VDB Entry"], "source": "nvd@nist.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en Home FTP Server v1.10.1.139 permiten a usuarios autenticados remtos (1) crear directorios de su elecci\u00f3n a trav\u00e9s de secuencias de salto de directorio en un comando MKD o (2) crear ficheros con cualquier contenido en directorios de su elecci\u00f3n a trav\u00e9s de secuencias de salto de directorio en una petici\u00f3n de subida de fichero. NOTA: el origen de esta informaci\u00f3n es desconocido; los detalles han sido obtenidos \u00fanicamente de informaci\u00f3n de terceras partes."}], "lastModified": "2024-01-26T17:54:29.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:home_ftp_server_project:home_ftp_server:1.10.1.139:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2377037F-B08A-4896-9466-666F2D65E337"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}