Vulnerability Details CVE-2010-2695
Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.7%
CVSS Severity
CVSS v2 Score 6.5
References
- http://osvdb.org/66037
- http://secunia.com/advisories/40473
- http://www.securityfocus.com/archive/1/512192/100/0/threaded
- http://www.xlightftpd.com/whatsnew.htm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60151
- http://osvdb.org/66037
- http://secunia.com/advisories/40473
- http://www.securityfocus.com/archive/1/512192/100/0/threaded
- http://www.xlightftpd.com/whatsnew.htm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60151
Products affected by CVE-2010-2695
-
cpe:2.3:a:xlightftpd:xlight_ftp_server:3.5
-
cpe:2.3:a:xlightftpd:xlight_ftp_server:3.5.5