CVE-2019-10009
Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory.
Se descubrió un problema de Recorrido de directorios en la GUI web en el servidor FTP 2019 Build 3505 de Titan. Cuando un usuario identificado intenta obtener una vista previa de un archivo cargado (a través de PreviewHandler.ashx) utilizando una técnica \ .. \ .. \, los archivos arbitrarios pueden ser cargado en la respuesta del servidor fuera del directorio raíz.
Titan FTP Server 2019 build 3505 suffers from a directory traversal vulnerability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-03-24 CVE Reserved
- 2019-03-27 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-09-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html | X_refsource_misc |
|
| http://seclists.org/fulldisclosure/2019/Mar/47 | Mailing List |
|
| http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/46611 | 2024-08-04 | |
| https://seclists.org/fulldisclosure/2019/Mar/47 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Southrivertech Search vendor "Southrivertech" | Titan Ftp Server Search vendor "Southrivertech" for product "Titan Ftp Server" | 2019 Search vendor "Southrivertech" for product "Titan Ftp Server" and version "2019" | 3505 |
Affected
| ||||||