WS_FTP Server Manager Security Bypass Vulnerability Network Vulnerability

Summary

This host is installed with WS_FTP Server and is prone to Security Bypass Vulnerability.

Impact

Successful exploitation will let the attacker execute arbitrary codes in the compressed rar achive and can cause memory corruption or buffer overflows.

Solution

Upgrade to the latest version 6.1.1 or higher. http://www.ipswitchft.com/products/ws_ftp_server

Insight

This flaw is due to - an error within the WS_FTP Server Manager when processing HTTP requests for the FTPLogServer/LogViewer.asp script. - less access control in custom ASP Files in WSFTPSVR/ via a request with the appended dot characters which causes disclosure of .asp file contents.

Affected

Ipswitch WS_FTP Server version 6.1.0.0 and prior versions.

References

http://aluigi.altervista.org/adv/wsftpweblog-adv.txt
http://secunia.com/advisories/28822
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5692
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5693

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5692, CVE-2008-5693
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

WS_FTP Server Manager Security Bypass Vulnerability
ArGoSoft FTP Server .NET Directory Traversal Vulnerability
Ipswitch WS_FTP Professional 'HTTP' Response Format String Vulnerability
httpdx Multiple Remote Denial Of Service Vulnerabilities
Core FTP Server Directory Traversal Vulnerability

Take action and discover your vulnerabilities