WinTFTP Server Pro Remote Directory Traversal Vulnerability Network Vulnerability

Summary

This host is running WinTFTP Server and is prone to directory traversal Vulnerability.

Impact

Successful exploitation will allow attackers to read arbitrary files on the affected application. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaw is due to an error in handling 'GET' and 'PUT' requests which can be exploited to download arbitrary files from the host system.

Affected

WinTFTP Server pro version 3.1

References

http://ibootlegg.com/root/viewtopic.php?f=11&t=15
http://www.exploit-db.com/exploits/15427/
http://www.indetectables.net/foro/viewtopic.php?f=58&t=27821&view=print
http://xforce.iss.net/xforce/xfdb/63048

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

IlohaMail Readable Configuration Files
Quick Tftp Server Pro Directory Traversal Vulnerability
vqServer web traversal vulnerability
Music Daemon File Disclosure
Distinct TFTP Server Directory Traversal Vulnerability

Take action and discover your vulnerabilities