TwinFTP < 1.0.3 R3 Server Directory Traversal File Access

Nessus Network Monitor Plugin ID 2279 (Medium)

Synopsis

The remote host is vulnerable to a directory traversal flaw.

Description

The remote host is running TwinFTP FTP Server. TwinFTP is reportedly prone to a directory traversal issue: an attacker may read and write files outside the FTP server root directory with the privileges of the FTP server process.

Solution

Upgrade to TwinFTP Enterprise or Standard 1.0.3 R3 or higher.

Plugin Details

Severity: Medium

ID: 2279

Family: FTP Servers

Published: 9/13/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:jigunet:twinftp

Reference Information

CVE: CVE-2001-1335, CVE-2004-1679

BID: 2786, 11159