Vulnerability Description
Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| BisonFTP | BisonFTP Server 4 | r2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/archive/1/312032 (Exploit)
- http://www.securityfocus.com/bid/6873
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11347
FAQ
What is CVE-2003-1380?
CVE-2003-1380 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @...
How severe is CVE-2003-1380?
CVE-2003-1380 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-1380?
Check the references section above for vendor advisories and patch information. Affected products include: BisonFTP Server 4.