Vulnerabilities > CVE-2001-1335 - Directory Traversal vulnerability in Aclogic Cesarftp 0.98B

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
aclogic
nessus
exploit available
NVD
Published: 2001-05-27
Updated: 2008-09-10

Summary

Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot).

Vulnerable Configurations

Part Description Count
Application
Aclogic
1

Exploit-Db

descriptionACLogic CesarFTP 0.98 b Directory Traversal Vulnerability. CVE-2001-1335. Remote exploit for windows platform
idEDB-ID:20884
last seen2016-02-02
modified2001-05-27
published2001-05-27
reporterbyterage
sourcehttps://www.exploit-db.com/download/20884/
titleACLogic CesarFTP 0.98b - Directory Traversal Vulnerability

Nessus

  • NASL familyFTP
    NASL idCESARFTP_OVERFLOWS.NASL
    descriptionThe remote host is running CesarFTP, an FTP server for Windows systems. There are multiple flaws in this version of CesarFTP that could allow an attacker to execute arbitrary code on this host, or simply to disable this server remotely.
    last seen2020-06-01
    modified2020-06-02
    plugin id11755
    published2003-06-18
    reporterThis script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/11755
    titleCesarFTP Multiple Vulnerabilities (OF, File Access, more)
  • NASL familyFTP
    NASL idFTP_TRAVERSAL.NASL
    descriptionThe remote FTP server allows users to browse the entire remote disk by issuing commands with traversal style characters. An attacker could exploit this flaw to gain access to arbitrary files.
    last seen2020-06-01
    modified2020-06-02
    plugin id11112
    published2002-08-27
    reporterThis script is Copyright (C) 2002-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/11112
    titleFTP Server Traversal Arbitrary File Access

References