Vulnerability Details CVE-2008-5692
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://aluigi.altervista.org/adv/wsftpweblog-adv.txt
- http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12
- http://secunia.com/advisories/28822
- http://securityreason.com/securityalert/4799
- http://www.securityfocus.com/archive/1/487686/100/200/threaded
- http://www.securityfocus.com/archive/1/487697/100/200/threaded
- http://www.securityfocus.com/bid/27654
- http://www.vupen.com/english/advisories/2008/0473
- http://aluigi.altervista.org/adv/wsftpweblog-adv.txt
- http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12
- http://secunia.com/advisories/28822
- http://securityreason.com/securityalert/4799
- http://www.securityfocus.com/archive/1/487686/100/200/threaded
- http://www.securityfocus.com/archive/1/487697/100/200/threaded
- http://www.securityfocus.com/bid/27654
- http://www.vupen.com/english/advisories/2008/0473
Products affected by CVE-2008-5692
-
cpe:2.3:a:ipswitch:ws_ftp:1.0.5
-
cpe:2.3:a:ipswitch:ws_ftp:2.01
-
cpe:2.3:a:ipswitch:ws_ftp:2.02
-
cpe:2.3:a:ipswitch:ws_ftp:2.03
-
cpe:2.3:a:ipswitch:ws_ftp:3.0
-
cpe:2.3:a:ipswitch:ws_ftp:3.0.1
-
cpe:2.3:a:ipswitch:ws_ftp:3.1.0
-
cpe:2.3:a:ipswitch:ws_ftp:3.1.1
-
cpe:2.3:a:ipswitch:ws_ftp:3.1.2
-
cpe:2.3:a:ipswitch:ws_ftp:3.1.3
-
cpe:2.3:a:ipswitch:ws_ftp:3.14
-
cpe:2.3:a:ipswitch:ws_ftp:4.00
-
cpe:2.3:a:ipswitch:ws_ftp:4.01
-
cpe:2.3:a:ipswitch:ws_ftp:4.02
-
cpe:2.3:a:ipswitch:ws_ftp:5.00
-
cpe:2.3:a:ipswitch:ws_ftp:5.01
-
cpe:2.3:a:ipswitch:ws_ftp:5.02
-
cpe:2.3:a:ipswitch:ws_ftp:5.03
-
cpe:2.3:a:ipswitch:ws_ftp:5.04
-
cpe:2.3:a:ipswitch:ws_ftp:5.05
-
cpe:2.3:a:ipswitch:ws_ftp:6.0
-
cpe:2.3:a:ipswitch:ws_ftp:6.1