CVE-2009-4053

Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/37381	Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54303	Third Party Advisory VDB Entry
http://secunia.com/advisories/37381	Broken Link Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:home_ftp_server_project:home_ftp_server:1.10.1.139:*:*:*:*:*:*:*

History

21 Nov 2024, 01:08

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/37381 - Broken Link, Vendor Advisory~~	() http://secunia.com/advisories/37381 - Broken Link, Vendor Advisory

26 Jan 2024, 17:54

Type	Values Removed	Values Added
References		(MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/54303 - Third Party Advisory, VDB Entry
References	~~(SECUNIA) http://secunia.com/advisories/37381 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/37381 - Broken Link, Vendor Advisory
First Time		Home Ftp Server Project Home Ftp Server Project home Ftp Server
CVSS	v2 : ~~4.0~~ v3 : ~~unknown~~	v2 : 4.0 v3 : 6.5
CPE	cpe:2.3:a:downstairs.dnsalias:home_ftp_server:1.10.1.139:::::::*	cpe:2.3:a:home_ftp_server_project:home_ftp_server:1.10.1.139:::::::*

Information

Published : 2009-11-23 17:30

Updated : 2024-11-21 01:08

NVD link : CVE-2009-4053

Mitre link : CVE-2009-4053

CVE.ORG link : CVE-2009-4053

JSON object : View

Products Affected

home_ftp_server_project

home_ftp_server

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2009-4053

6.5^/10

4.0^/10

Attach tags to `CVE-2009-4053`