Vulnerability Details CVE-2004-2488
Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via "C:" sequences in the (1) RETR (get), (2) NLST (ls), (3) LIST (ls), (4) RNFR, or (5) RNTO FTP commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.4%
CVSS Severity
CVSS v2 Score 4.0
References
- http://secunia.com/advisories/11216
- http://www.nexgenserver.com/cgi-bin/loadframe2.cgi?/History.html
- http://www.osvdb.org/4557
- http://www.securityfocus.com/bid/9970
- http://www.securitytracker.com/alerts/2004/Mar/1009545.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15594
- http://secunia.com/advisories/11216
- http://www.nexgenserver.com/cgi-bin/loadframe2.cgi?/History.html
- http://www.osvdb.org/4557
- http://www.securityfocus.com/bid/9970
- http://www.securitytracker.com/alerts/2004/Mar/1009545.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15594
Products affected by CVE-2004-2488
-
cpe:2.3:a:nexgen:nexgen_ftp_server:1.0
-
cpe:2.3:a:nexgen:nexgen_ftp_server:2.0
-
cpe:2.3:a:nexgen:nexgen_ftp_server:2.1
-
cpe:2.3:a:nexgen:nexgen_ftp_server:2.2