Vulnerability Description
Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via "C:" sequences in the (1) RETR (get), (2) NLST (ls), (3) LIST (ls), (4) RNFR, or (5) RNTO FTP commands.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nexgen | Nexgen Ftp Server | 1.0 |
References
- http://secunia.com/advisories/11216Vendor Advisory
- http://www.nexgenserver.com/cgi-bin/loadframe2.cgi?/History.htmlURL Repurposed
- http://www.osvdb.org/4557Exploit
- http://www.securityfocus.com/bid/9970Patch
- http://www.securitytracker.com/alerts/2004/Mar/1009545.htmlExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15594
- http://secunia.com/advisories/11216Vendor Advisory
- http://www.nexgenserver.com/cgi-bin/loadframe2.cgi?/History.htmlURL Repurposed
- http://www.osvdb.org/4557Exploit
- http://www.securityfocus.com/bid/9970Patch
- http://www.securitytracker.com/alerts/2004/Mar/1009545.htmlExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15594
FAQ
What is CVE-2004-2488?
CVE-2004-2488 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via "C:" sequences in the (1) RETR (get), (2) NLST (ls), (3) LI...
How severe is CVE-2004-2488?
CVE-2004-2488 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2488?
Check the references section above for vendor advisories and patch information. Affected products include: Nexgen Nexgen Ftp Server.