Vulnerability Details CVE-2001-0054
Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.051
EPSS Ranking 89.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html
- http://marc.info/?l=bugtraq&m=97604119024280&w=2
- http://www.osvdb.org/464
- http://www.securityfocus.com/bid/2052
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5639
- http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html
- http://marc.info/?l=bugtraq&m=97604119024280&w=2
- http://www.osvdb.org/464
- http://www.securityfocus.com/bid/2052
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5639
Products affected by CVE-2001-0054
-
cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.16