Vulnerability Description
Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. (dot dot) sequences and globbing ("*") characters in a SITE NFO command.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Glftpd | Glftpd | 1.26 |
References
- http://www.securityfocus.com/archive/1/390924ExploitVendor Advisory
- http://www.securityfocus.com/bid/12586ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19401
- http://www.securityfocus.com/archive/1/390924ExploitVendor Advisory
- http://www.securityfocus.com/bid/12586ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19401
FAQ
What is CVE-2005-0483?
CVE-2005-0483 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files,...
How severe is CVE-2005-0483?
CVE-2005-0483 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0483?
Check the references section above for vendor advisories and patch information. Affected products include: Glftpd Glftpd.