Summary
This host is installed with WS_FTP Server and is prone to Security Bypass Vulnerability.
Impact
Successful exploitation will let the attacker execute arbitrary codes in the compressed rar achive and can cause memory corruption or buffer overflows.
Solution
Upgrade to the latest version 6.1.1 or higher.
http://www.ipswitchft.com/products/ws_ftp_server
Insight
This flaw is due to
- an error within the WS_FTP Server Manager when processing HTTP requests for the FTPLogServer/LogViewer.asp script.
- less access control in custom ASP Files in WSFTPSVR/ via a request with the appended dot characters which causes disclosure of .asp file contents.
Affected
Ipswitch WS_FTP Server version 6.1.0.0 and prior versions.
References
Severity
Classification
-
CVE CVE-2008-5692, CVE-2008-5693 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities