Vulnerability Description
Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Visicommedia | Aceftp | 3.80.3 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30792Vendor Advisory
- http://vuln.sg/aceftp3803-en.htmlExploit
- http://www.securityfocus.com/bid/29989
- http://www.vupen.com/english/advisories/2008/1954/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43400
- http://secunia.com/advisories/30792Vendor Advisory
- http://vuln.sg/aceftp3803-en.htmlExploit
- http://www.securityfocus.com/bid/29989
- http://www.vupen.com/english/advisories/2008/1954/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43400
FAQ
What is CVE-2008-5175?
CVE-2008-5175 is a vulnerability with a CVSS score of 9.3 (HIGH). Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to...
How severe is CVE-2008-5175?
CVE-2008-5175 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5175?
Check the references section above for vendor advisories and patch information. Affected products include: Visicommedia Aceftp.