Vulnerability 10493 - CERT Civis.Net

Vulnerability Name:

CCN-10493

Published:

2002-10-25

Updated:

2002-10-25

Summary:

WS_FTP Server is vulnerable to session hijacking when PASV connections are used. If a user establishes a PASV connection with the FTP server, a remote attacker could connect to the same FTP port to hijack the session and gain unauthorized access to sensitive information.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: BugTraq Mailing List, Fri Oct 25 2002 - 09:06:34 CDT
IPSwitch, Inc. WS_FTP Server

Source: CCN
Type: BugTraq Mailing List, Fri Oct 25 2002 - 12:38:29 CDT
Re: IPSwitch, Inc. WS_FTP Server

Source: CCN
Type: BugTraq Mailing List, Sat Oct 26 2002 - 02:41:03 CDT
Re[2]: IPSwitch, Inc. WS_FTP Server

Source: CCN
Type: Ipswitch Web site
WS_FTP Server - Patches & Upgrades

Source: CCN
Type: BID-6051
IPSwitch WS_FTP Server Passive Mode Session Hijacking Vulnerability

Source: XF
Type: UNKNOWN
wsftp-pasv-mode-hijacking(10493)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:progress:ipswitch_ws_ftp_server:3.1.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK