PT-2001-1870 · Broker · Broker Ftp Server

Published: 2001-08-29 · Updated: 2017-12-19 · CVE-2001-0687

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Broker FTP server version 5.9.5
Description: The issue allows a remote attacker to retrieve privileged web server system information. This can be achieved by issuing a CD command (CD C:) followed by the LS command, or by specifying arbitrary paths in the UNC format (\\computername\sharename).
Recommendations: For Broker FTP server version 5.9.5, consider restricting access to the LS command and limiting the ability to specify arbitrary paths in the UNC format to minimize the risk of exploitation. As a temporary workaround, restrict the use of the CD command to prevent attackers from navigating to sensitive directories.
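
The path restriction recommended above, sketched as a server-side check on CD and LS arguments. This is an added example, not Broker FTP server code; the root D:\ftproot and the names resolve, check_session and PathRejected are assumptions made for illustration, and the command sequence in the usage note is constructed.

```python
import ntpath
import posixpath

FTP_ROOT = r"D:\ftproot"  # assumed server root, constructed for this example


class PathRejected(ValueError):
    """The client-supplied path would leave the FTP root."""


def resolve(cwd, arg, root=FTP_ROOT):
    """Map a CD/LS argument to (virtual_path, real_path) under root, or raise.

    cwd is the session's current virtual directory, always starting with "/".
    """
    if "\x00" in arg:
        raise PathRejected("NUL byte in path")
    # A colon is a drive qualifier (C:, C:\dir) or a stream separator on
    # Windows; it is never part of an ordinary file or directory name.
    if ":" in arg:
        raise PathRejected("drive-qualified path")
    unified = arg.replace("\\", "/")
    # \\computername\sharename, also when written with forward slashes.
    if unified.startswith("//"):
        raise PathRejected("UNC path")
    # Resolve "." and ".." in the virtual namespace; ".." at "/" stays at "/".
    virtual = posixpath.normpath(posixpath.join(cwd, unified))
    real = ntpath.normpath(root + virtual.replace("/", "\\"))
    # Defence in depth: the mapped path must still sit under the root.
    norm_root = ntpath.normcase(ntpath.normpath(root))
    norm_real = ntpath.normcase(real)
    if norm_real != norm_root and not norm_real.startswith(norm_root + "\\"):
        raise PathRejected("outside FTP root")
    return virtual, real


def check_session(commands):
    """Replay (verb, arg) pairs; return one result string per command."""
    cwd, results = "/", []
    for verb, arg in commands:
        try:
            virtual, _ = resolve(cwd, arg)
        except PathRejected as exc:
            results.append(f"550 {verb} {arg!r} rejected: {exc}")
            continue
        if verb == "CD":
            cwd = virtual
        results.append(f"250 {verb} -> {virtual}")
    return results
```

Calling check_session([("CD", "C:"), ("LS", "")]) refuses the CD and leaves the following LS listing the virtual root rather than the C: drive.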


Related Identifiers

CVE-2001-0687

Affected Products

Broker Ftp Server