Vulnerability Description
Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Globalscape | Cuteftp | 8.2.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/29760 (Vendor Advisory)
- http://vuln.sg/cuteftp820-en.html (Exploit)
- http://www.securitytracker.com/id?1020113
- http://www.vupen.com/english/advisories/2008/1653/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42633
FAQ
What is CVE-2008-2779?
CVE-2008-2779 is a vulnerability with a CVSS score of 9.3 (HIGH). Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\...
How severe is CVE-2008-2779?
CVE-2008-2779 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-2779?
Check the references section above for vendor advisories and patch information. Affected products include: Globalscape Cuteftp.