PT-2001-1870 · Broker · Broker Ftp Server

Published: 2001-08-29 · Updated: 2017-12-19 · CVE-2001-0687

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Broker FTP server version 5.9.5
Description: The issue allows a remote attacker to retrieve privileged web server system information. This can be achieved by issuing a CD command (CD C:) followed by the LS command, or by specifying arbitrary paths in the UNC format (\\computername\sharename).
Recommendations: For Broker FTP server version 5.9.5, consider restricting access to the LS command and limiting the ability to specify arbitrary paths in the UNC format to minimize the risk of exploitation. As a temporary workaround, restrict the use of the CD command to prevent attackers from navigating to sensitive directories.


Related identifiers

CVE-2001-0687

Affected products

Broker Ftp Server