Vulnerability Details CVE-2004-2488
Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via "C:" sequences in the (1) RETR (get), (2) NLST (ls), (3) LIST (ls), (4) RNFR, or (5) RNTO FTP commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 78.1%
CVSS Severity
CVSS v2 Score 4.0
References
- http://secunia.com/advisories/11216
- http://www.nexgenserver.com/cgi-bin/loadframe2.cgi?/History.html
- http://www.osvdb.org/4557
- http://www.securityfocus.com/bid/9970
- http://www.securitytracker.com/alerts/2004/Mar/1009545.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15594
- http://secunia.com/advisories/11216
- http://www.nexgenserver.com/cgi-bin/loadframe2.cgi?/History.html
- http://www.osvdb.org/4557
- http://www.securityfocus.com/bid/9970
- http://www.securitytracker.com/alerts/2004/Mar/1009545.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15594
Products affected by CVE-2004-2488
-
cpe:2.3:a:nexgen:nexgen_ftp_server:1.0
-
cpe:2.3:a:nexgen:nexgen_ftp_server:2.0
-
cpe:2.3:a:nexgen:nexgen_ftp_server:2.1
-
cpe:2.3:a:nexgen:nexgen_ftp_server:2.2