CVE-2007-0888

high

Description

Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/32398

http://www.vupen.com/english/advisories/2007/0536

http://www.securityfocus.com/bid/22490

http://www.securityfocus.com/archive/1/459933/100/0/threaded

http://www.securityfocus.com/archive/1/459500/100/0/threaded

http://www.osvdb.org/33162

http://www.kiwisyslog.com/kb/idx/5/178/article/

http://securityreason.com/securityalert/2236

http://secunia.com/advisories/24103

Details

Source: Mitre, NVD

Published: 2007-02-12

Updated: 2018-10-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High