Vendor: Freefloat FTP Server
By:
CVSS: 6.5 (MEDIUM)
CWE: 22 (Directory Traversal)
Product Name: Freefloat FTP Server
Affected Version From: Freefloat FTP Server 1.0
Affected Version To: Freefloat FTP Server 1.0.10
Patch Exists: YES
Related CWE: CVE-2011-0413
CPE: a:freefloat_project:freefloat_ftp_server:1.0
Metasploit:
https://www.rapid7.com/db/vulnerabilities/linuxrpm-ELSA-2011-0413/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2011-0256/, https://www.rapid7.com/db/vulnerabilities/freebsd-vid-dc9f8335-2b3b-11e0-a91b-00e0815b8da8/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2011-0413/
Platforms Tested: Windows
2011
Directory Traversal Vulnerability in Freefloat FTP Server
Freefloat FTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to retrieve arbitrary files outside of the FTP server root directory. This may aid in further attacks.
Mitigation:
The vendor has released a patch to address this vulnerability. It is recommended to update to the latest version of Freefloat FTP Server.