CVE-2008-1221

Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://aluigi.altervista.org/adv/escaz-adv.txt	Exploit
http://www.securityfocus.com/bid/28127	Exploit
http://secunia.com/advisories/29246	Exploit Vendor Advisory
http://securityreason.com/securityalert/3723
https://exchange.xforce.ibmcloud.com/vulnerabilities/41033
http://www.securityfocus.com/archive/1/489228/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microworld_technologies:escan:9.0.742.98::corporate:::::
	cpe:2.3:a:microworld_technologies:escan_management_console:9.0.742.1:::::::*
	cpe:2.3:a:microworld_technologies:escan_server:9.0.742.1:::::::*

Information

Published : 2008-03-10 10:44

Updated : 2018-10-11 13:30

NVD link : CVE-2008-1221

Mitre link : CVE-2008-1221

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

Products Affected

microworld_technologies

escan_management_console
escan
escan_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://aluigi.altervista.org/adv/escaz-adv.txt", "name": "http://aluigi.altervista.org/adv/escaz-adv.txt", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/28127", "name": "28127", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/29246", "name": "29246", "tags": ["Exploit", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/3723", "name": "3723", "tags": [], "refsource": "SREASON"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41033", "name": "escan-filename-directory-traversal(41033)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/489228/100/0/threaded", "name": "20080306 Directory traversal in MicroWorld eScan Server 9.0.742.98", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-1221", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-03-10T17:44Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microworld_technologies:escan:9.0.742.98:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microworld_technologies:escan_management_console:9.0.742.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microworld_technologies:escan_server:9.0.742.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-11T20:30Z"}