PT-2010-4544 · Ftprush · Ftprush

Published

2010-08-20

Updated

2010-08-24

CVE-2010-3098

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions FTP Rush versions 1.1.3 and earlier

Description A directory traversal issue allows remote FTP servers to overwrite arbitrary files by including a ".." (dot dot backslash) in a filename.

Recommendations For versions 1.1.3 and earlier, update to a version that fixes this issue, if available. As a temporary workaround, consider restricting access to the FTP functionality until a patch is available. Avoid using the FTP feature with untrusted remote servers to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2010-3098

Affected Products

Ftprush

PT-2010-4544 · Ftprush · Ftprush

CVE-2010-3098

Weakness Enumeration

Related Identifiers

Affected Products

References · 3