Vulnerability Details CVE-2008-5693
Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://aluigi.altervista.org/adv/wsftpweblog-adv.txt
- http://securityreason.com/securityalert/4799
- http://www.securityfocus.com/archive/1/487686/100/200/threaded
- http://www.securityfocus.com/archive/1/487697/100/200/threaded
- http://www.securityfocus.com/bid/27654
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47677
- http://aluigi.altervista.org/adv/wsftpweblog-adv.txt
- http://securityreason.com/securityalert/4799
- http://www.securityfocus.com/archive/1/487686/100/200/threaded
- http://www.securityfocus.com/archive/1/487697/100/200/threaded
- http://www.securityfocus.com/bid/27654
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47677
Products affected by CVE-2008-5693
-
cpe:2.3:a:ipswitch:ws_ftp:1.0.5
-
cpe:2.3:a:ipswitch:ws_ftp:2.01
-
cpe:2.3:a:ipswitch:ws_ftp:2.02
-
cpe:2.3:a:ipswitch:ws_ftp:2.03
-
cpe:2.3:a:ipswitch:ws_ftp:3.0
-
cpe:2.3:a:ipswitch:ws_ftp:3.0.1
-
cpe:2.3:a:ipswitch:ws_ftp:3.1.0
-
cpe:2.3:a:ipswitch:ws_ftp:3.1.1
-
cpe:2.3:a:ipswitch:ws_ftp:3.1.2
-
cpe:2.3:a:ipswitch:ws_ftp:3.1.3
-
cpe:2.3:a:ipswitch:ws_ftp:3.14
-
cpe:2.3:a:ipswitch:ws_ftp:4.00
-
cpe:2.3:a:ipswitch:ws_ftp:4.01
-
cpe:2.3:a:ipswitch:ws_ftp:4.02
-
cpe:2.3:a:ipswitch:ws_ftp:5.00
-
cpe:2.3:a:ipswitch:ws_ftp:5.01
-
cpe:2.3:a:ipswitch:ws_ftp:5.02
-
cpe:2.3:a:ipswitch:ws_ftp:5.03
-
cpe:2.3:a:ipswitch:ws_ftp:5.04
-
cpe:2.3:a:ipswitch:ws_ftp:5.05
-
cpe:2.3:a:ipswitch:ws_ftp:6.0
-
cpe:2.3:a:ipswitch:ws_ftp:6.1