CVE-2004-2747

Name of the Vulnerable Software and Affected Versions Pablo Software Solutions Quick 'n Easy FTP Server versions 1.77 and earlier

Description A directory traversal issue allows remote authenticated users to determine the existence of arbitrary files by using a .. (dot dot) in the DEL command. This is done by analyzing different error messages that are triggered depending on whether the file exists or not.

Recommendations For versions 1.77 and earlier, consider restricting access to the DEL command until a patch is available. As a temporary workaround, limit the ability of remote authenticated users to execute the DEL command with .. (dot dot) sequences to minimize the risk of exploitation.