Titan FTP Server 'XCRC' And 'COMB' Directory Traversal Vulnerabilities Network Vulnerability

Summary

This host is running Titan FTP Server and is prone to directory traversal vulnerabilities.

Impact

Successful exploitation will allow attackers to download arbitrary files and deletion of arbitrary files on the server. Impact Level: Application.

Solution

Upgrade to Titan FTP Server 8.30.1231 or later For updates refer to http://www.titanftp.com/index.html

Insight

The flaws are due to - Input validation error when processing 'XCRC' commands, which can be exploited to determine the existence of a file outside the FTP root directory. - Input validation error when processing 'COMB' commands, which can be exploited to read and delete an arbitrary file.

Affected

Titan FTP Server version 8.10.1125 and prior

References

http://secunia.com/advisories/40237
http://www.securityfocus.com/archive/1/archive/1/511839/100/0/threaded
http://xforce.iss.net/xforce/xfdb/59492

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2425, CVE-2010-2426

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
Apache Tomcat Login Constraints Security Bypass Vulnerability
Apache Archiva Home Page Cross-Site Scripting vulnerability
Apache ActiveMQ Multiple Vulnerabilities
Apache Struts2/XWork Remote Command Execution Vulnerability

Titan FTP Server 'XCRC' and 'COMB' Directory Traversal Vulnerabilities

Take action and discover your vulnerabilities