Summary
The remote FTP server can be used to determine whether a given file exists on the remote host by prefixing its path with dot-dot-slash (`../`) sequences.
For instance, it is possible to determine the presence of \autoexec.bat by using the command SIZE or MDTM on ../../../../autoexec.bat.
An attacker may use this flaw to gain more knowledge about this host, such as its file layout. This flaw is especially useful when used with other vulnerabilities.
Solution
Update your EFTP server to version 2.0.8.348, or replace it with a different FTP server.
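For anyone evaluating a replacement server, the following added example (not EFTP's code and not part of the original advisory) sketches how SIZE and MDTM handlers can avoid acting as a file-existence oracle: the argument is resolved against the FTP root, and a path outside the root gets the same reply as a missing file. The function names, the reply text and the directory tree are assumptions constructed for the demonstration.

```python
import os
import tempfile
import time

NOT_FOUND = "550 File not found"  # single reply for every failure case

def resolve_in_root(root, cwd, arg):
    """Map an FTP path argument to a real path under root, else None."""
    arg = arg.replace("\\", "/")  # treat backslashes as separators too
    virtual = arg if arg.startswith("/") else cwd.rstrip("/") + "/" + arg
    real_root = os.path.realpath(root)
    # realpath collapses ".." and follows symlinks before the check
    candidate = os.path.realpath(os.path.join(real_root, virtual.lstrip("/")))
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None
    return candidate

def handle_size(root, cwd, arg):
    path = resolve_in_root(root, cwd, arg)
    if path is None or not os.path.isfile(path):
        return NOT_FOUND  # outside-root and missing look identical
    return "213 %d" % os.path.getsize(path)

def handle_mdtm(root, cwd, arg):
    path = resolve_in_root(root, cwd, arg)
    if path is None or not os.path.isfile(path):
        return NOT_FOUND
    stamp = time.gmtime(os.path.getmtime(path))
    return "213 " + time.strftime("%Y%m%d%H%M%S", stamp)

def demo():
    """Constructed tree: one file inside the FTP root, one outside it."""
    outer = tempfile.mkdtemp()
    root = os.path.join(outer, "ftproot")
    os.makedirs(os.path.join(root, "pub"))
    with open(os.path.join(root, "pub", "readme.txt"), "w") as f:
        f.write("hello")
    with open(os.path.join(outer, "autoexec.bat"), "w") as f:
        f.write("@echo off")
    return {
        "inside": handle_size(root, "/pub", "readme.txt"),
        "outside_exists": handle_size(root, "/", "../autoexec.bat"),
        "outside_missing": handle_size(root, "/", "../missing.bat"),
        "backslash": handle_size(root, "/pub", "..\\..\\autoexec.bat"),
        "mdtm_inside": handle_mdtm(root, "/pub", "readme.txt"),
        "mdtm_outside": handle_mdtm(root, "/", "../autoexec.bat"),
    }
```

The property to verify on a patched or replacement server is that the two "outside" replies are byte-for-byte identical, whether or not the target file exists.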
Severity
Classification
CVE: CVE-2001-1109
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P