Vulnerability Description
By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | iSeries AS/400 | All versions |
References
- http://www.securityfocus.com/archive/1/396628
- http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_securit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20260
FAQ
What is CVE-2005-1238?
CVE-2005-1238 is a vulnerability with a CVSS score of 7.5 (HIGH). By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, ...
How severe is CVE-2005-1238?
CVE-2005-1238 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1238?
Check the references section above for vendor advisories and patch information. Affected products include: IBM iSeries AS/400.