PT-2001-1523 · Typsoft · Typsoft Ftp Server

Published

2001-04-04

Updated

2008-09-05

CVE-2001-0294

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions TYPSoft FTP Server version 0.85

Description The issue allows remote attackers to read arbitrary files. This can be achieved via a directory traversal attack by including a .. (dot dot) in a GET command or a ... in a CWD command.

Recommendations For TYPSoft FTP Server version 0.85, consider restricting access to sensitive files and directories as a temporary workaround until a patch is available. Avoid using the .. (dot dot) sequence in GET commands and the ... sequence in CWD commands to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0294

Affected Products

Typsoft Ftp Server

PT-2001-1523 · Typsoft · Typsoft Ftp Server

CVE-2001-0294

Related Identifiers

Affected Products

References · 2