CVE-2006-5947

Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/22893	Vendor Advisory
http://www.securityfocus.com/bid/21081
http://www.vupen.com/english/advisories/2006/4519
https://exchange.xforce.ibmcloud.com/vulnerabilities/30295

Configurations

Configuration 1 (hide)

cpe:2.3:a:conxint:conxint_ftp_server:2.2.0603:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-11-17 00:07

Updated : 2024-02-28 11:01

NVD link : CVE-2006-5947

Mitre link : CVE-2006-5947

CVE.ORG link : CVE-2006-5947

JSON object : View

Products Affected

conxint

conxint_ftp_server

CWE

NVD-CWE-Other

{"id": "CVE-2006-5947", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-11-17T00:07:00.000", "references": [{"url": "http://secunia.com/advisories/22893", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21081", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4519", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30295", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de salto directorio en Conxint FTP Server 2.2.0603, y posiblemente anteriores, permite a un atacante remoto leer ficheros de su elecci\u00f3n y listar directorios de su elecci\u00f3n a trav\u00e9s de secuencias de salto de directorio con los comandos (1) DIR (LIST o NLST) y (2) GET (RETR), NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles han sido obtenidos a partir de la informaci\u00f3n de terceros. \r\n"}], "lastModified": "2017-07-20T01:34:05.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:conxint:conxint_ftp_server:2.2.0603:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "787D7042-FDCE-4AC0-9A53-E8E1B7F6055D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}