Summary
This host is running Titan FTP Server and is prone to directory traversal vulnerabilities.
Impact
Successful exploitation will allow attackers to download and delete arbitrary files on the server.
Impact Level: Application.
Solution
Upgrade to Titan FTP Server 8.30.1231 or later.
For updates refer to http://www.titanftp.com/index.html
Insight
The flaws are due to:
- An input validation error when processing 'XCRC' commands, which can be exploited to determine the existence of a file outside the FTP root directory.
- An input validation error when processing 'COMB' commands, which can be exploited to read and delete an arbitrary file.
Affected
Titan FTP Server version 8.10.1125 and prior
References
Severity
Classification
- CVE: CVE-2010-2425, CVE-2010-2426
- CVSS Base Score: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P