Vulnerability Description
Directory traversal vulnerability in Baby FTP Server 1.2, and possibly other versions before May 31, 2003 allows remote authenticated users to list arbitrary directories and possibly read files via "..." (triple dot) manipulations to the CWD command.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pablo Software Solutions | Baby Ftp Server | 1.2 |
References
- http://packetstormsecurity.org/0305-exploits/baby.txtExploit
- http://www.osvdb.org/24538
- http://www.pablosoftwaresolutions.com/html/baby_ftp_server.htmlPatch
- http://www.securityfocus.com/bid/7749
- http://packetstormsecurity.org/0305-exploits/baby.txtExploit
- http://www.osvdb.org/24538
- http://www.pablosoftwaresolutions.com/html/baby_ftp_server.htmlPatch
- http://www.securityfocus.com/bid/7749
FAQ
What is CVE-2003-1299?
CVE-2003-1299 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Directory traversal vulnerability in Baby FTP Server 1.2, and possibly other versions before May 31, 2003 allows remote authenticated users to list arbitrary directories and possibly read files via "....
How severe is CVE-2003-1299?
CVE-2003-1299 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1299?
Check the references section above for vendor advisories and patch information. Affected products include: Pablo Software Solutions Baby Ftp Server.