Vulnerability Description
Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1.02 for Windows allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nch Software | Nch Software Classic Ftp | 1.02 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30708Vendor Advisory
- http://vuln.sg/classicftp102-en.html
- http://www.securityfocus.com/bid/29846
- http://www.vupen.com/english/advisories/2008/1899/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43230
- http://secunia.com/advisories/30708Vendor Advisory
- http://vuln.sg/classicftp102-en.html
- http://www.securityfocus.com/bid/29846
- http://www.vupen.com/english/advisories/2008/1899/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43230
FAQ
What is CVE-2008-2894?
CVE-2008-2894 is a vulnerability with a CVSS score of 9.3 (HIGH). Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1.02 for Windows allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a ...
How severe is CVE-2008-2894?
CVE-2008-2894 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2894?
Check the references section above for vendor advisories and patch information. Affected products include: Nch Software Nch Software Classic Ftp.