CVE-2014-1843

medium

Description

Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.

References

http://www.securityfocus.com/bid/65469

http://www.osvdb.org/103197

http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html

Details

Source: Mitre, NVD

Published: 2014-04-29

Updated: 2015-07-29

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium