Vulnerability Description
Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP 4.1.0 and 5.5.8 allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wise-Ftp | Wise-Ftp | 4.1.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30663Vendor Advisory
- http://secunia.com/advisories/30788Vendor Advisory
- http://vuln.sg/wiseftp558-en.html
- http://www.securityfocus.com/bid/29844
- http://www.vupen.com/english/advisories/2008/1898/references
- http://www.wise-ftp.com/news/index.htmPatch
- http://secunia.com/advisories/30663Vendor Advisory
- http://secunia.com/advisories/30788Vendor Advisory
- http://vuln.sg/wiseftp558-en.html
- http://www.securityfocus.com/bid/29844
- http://www.vupen.com/english/advisories/2008/1898/references
- http://www.wise-ftp.com/news/index.htmPatch
FAQ
What is CVE-2008-2889?
CVE-2008-2889 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP 4.1.0 and 5.5.8 allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a...
How severe is CVE-2008-2889?
CVE-2008-2889 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2889?
Check the references section above for vendor advisories and patch information. Affected products include: Wise-Ftp Wise-Ftp.