CVE-2009-4053 — MEDIUM (6.5)

Vulnerability Description

Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Home Ftp Server Project	Home Ftp Server	1.10.1.139

Related Weaknesses (CWE)

CWE-22

References

http://secunia.com/advisories/37381Broken LinkVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54303Third Party AdvisoryVDB Entry
http://secunia.com/advisories/37381Broken LinkVendor Advisory

FAQ

What is CVE-2009-4053?

CVE-2009-4053 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (...

How severe is CVE-2009-4053?

CVE-2009-4053 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-4053?

Check the references section above for vendor advisories and patch information. Affected products include: Home Ftp Server Project Home Ftp Server.