WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2000-11-13 21:00
Updated : 2017-10-09 18:29
NVD link : CVE-2000-0876
Mitre link : CVE-2000-0876
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
texas_imperial_software
- wftpd
- wftpd_pro