Vulnerability Description
Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. (dot dot) in (1) a response to a LIST command from the BitKinex FTP client and (2) a response to a PROPFIND command from the BitKinex WebDAV client. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Barad Dur | Bitkinex | 2.9.3 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30532Vendor Advisory
- http://vuln.sg/bitkinex293-en.html
- http://www.vupen.com/english/advisories/2008/1738/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42842
- http://secunia.com/advisories/30532Vendor Advisory
- http://vuln.sg/bitkinex293-en.html
- http://www.vupen.com/english/advisories/2008/1738/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42842
FAQ
What is CVE-2008-2635?
CVE-2008-2635 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. (dot dot) in (1) a response to a LIST command from th...
How severe is CVE-2008-2635?
CVE-2008-2635 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2635?
Check the references section above for vendor advisories and patch information. Affected products include: Barad Dur Bitkinex.