Vulnerability Description
Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xlightftpd | Xlight Ftp Server | 3.5 |
Related Weaknesses (CWE)
References
- http://osvdb.org/66037
- http://secunia.com/advisories/40473Vendor Advisory
- http://www.securityfocus.com/archive/1/512192/100/0/threaded
- http://www.xlightftpd.com/whatsnew.htmPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60151
- http://osvdb.org/66037
- http://secunia.com/advisories/40473Vendor Advisory
- http://www.securityfocus.com/archive/1/512192/100/0/threaded
- http://www.xlightftpd.com/whatsnew.htmPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60151
FAQ
What is CVE-2010-2695?
CVE-2010-2695 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or del...
How severe is CVE-2010-2695?
CVE-2010-2695 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2695?
Check the references section above for vendor advisories and patch information. Affected products include: Xlightftpd Xlight Ftp Server.