CVE-2010-2695
 
- Severity Score: 6.5 (CVSS v2)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands.
*Credits:
N/A
Timeline
- 2010-07-12 CVE Reserved
- 2010-07-12 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (5)
URL | Tag | Source |
---|---|---|
http://osvdb.org/66037 | Vdb Entry | |
http://www.securityfocus.com/archive/1/512192/100/0/threaded | Mailing List | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/60151 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
http://www.xlightftpd.com/whatsnew.htm | 2018-10-10 | |
http://secunia.com/advisories/40473 | 2018-10-10 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Xlightftpd | Xlight Ftp Server | 3.5 | - | Affected |
Xlightftpd | Xlight Ftp Server | 3.5.5 | - | Affected |