ID de Prueba:	1.3.6.1.4.1.25623.1.0.10933
Categoría:	FTP
Título:	EFTP tells if a given file exists
Resumen:	The remote FTP server can be used to determine if a given; file exists on the remote host or not, by adding dot-dot-slashes in front of them.
Descripción:	Summary: The remote FTP server can be used to determine if a given file exists on the remote host or not, by adding dot-dot-slashes in front of them. Vulnerability Insight: For instance, it is possible to determine the presence of \autoexec.bat by using the command SIZE or MDTM on ../../../../autoexec.bat Vulnerability Impact: An attacker may use this flaw to gain more knowledge about this host, such as its file layout. This flaw is specially useful when used with other vulnerabilities. Solution: Update your EFTP server to 2.0.8.348 or change it. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2001-1109 BugTraq ID: 3331 http://www.securityfocus.com/bid/3331 BugTraq ID: 3333 http://www.securityfocus.com/bid/3333 Bugtraq: 20010912 EFTP Version 2.0.7.337 vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/213647 http://www.eftp.org/releasehistory.html XForce ISS Database: eftp-list-directory-traversal(7113) https://exchange.xforce.ibmcloud.com/vulnerabilities/7113 XForce ISS Database: eftp-quote-reveal-information(7114) https://exchange.xforce.ibmcloud.com/vulnerabilities/7114
Copyright	Copyright (C) 2001 Michel Arboi

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.