Vulnerability Name:

CVE-2002-0558 (CCN-6165)

Assigned:2001-02-28
Published:2001-02-28
Updated:2008-09-05
Summary:Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: BugTraq Mailing List, Wed Feb 28 2001 - 17:27:57 CST
Vulnerability in TYPSoft FTP Server

Source: CCN
Type: BugTraq Mailing List, Mon May 07 2001 - 08:13:38 CDT
Vulnerabilty in TYPsoft FTP server

Source: BUGTRAQ
Type: Vendor Advisory
20020407 Typsoft FTP Server: yet another directory traversal vulnerability

Source: CCN
Type: BugTraq Mailing List, Sun Apr 07 2002 - 05:26:54 CDT
Typsoft FTP Server: yet another directory traversal vulnerability

Source: MITRE
Type: CNA
CVE-2001-0294

Source: MITRE
Type: CNA
CVE-2002-0558

Source: MITRE
Type: CNA
CVE-2002-1354

Source: CCN
Type: TYPSoft Web site
TYPESoft Home Page

Source: CCN
Type: SA7737
TYPSoft FTP Server Directory Traversal

Source: CCN
Type: SECTRACK ID: 1005832
TYPSoft FTP Server Failure to Filter `...` Strings Lets Remote Users View Arbitrary Directory Listings

Source: XF
Type: Patch, Vendor Advisory
typsoft-ftp-directory-traversal(6165)

Source: CCN
Type: OSVDB ID: 59559
TYPSoft FTP Server cd/CWD Command Traversal Arbitrary Directory Listing

Source: CCN
Type: OSVDB ID: 6798
TYPSoft FTP Server LIST Command Traversal Arbitrary Directory Listing

Source: CCN
Type: OSVDB ID: 6799
TYPSoft FTP Server Arbitrary File Access

Source: BID
Type: Patch, Vendor Advisory
2489

Source: CCN
Type: BID-2489
TYPSoft FTP Server Directory Traversal Vulnerability

Source: XF
Type: UNKNOWN
typsoft-ftp-directory-traversal(6165)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:typsoft:typsoft_ftp_server:0.85:*:*:*:*:*:*:*
  • OR cpe:/a:typsoft:typsoft_ftp_server:0.93:*:*:*:*:*:*:*
  • OR cpe:/a:typsoft:typsoft_ftp_server:0.95:*:*:*:*:*:*:*
  • OR cpe:/a:typsoft:typsoft_ftp_server:0.96:*:*:*:*:*:*:*
  • OR cpe:/a:typsoft:typsoft_ftp_server:0.97:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:typsoft:typsoft_ftp_server:0.95:*:*:*:*:*:*:*
  • OR cpe:/a:typsoft:typsoft_ftp_server:0.99.8:*:*:*:*:*:*:*
  • OR cpe:/a:typsoft:typsoft_ftp_server:0.97.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    typsoft typsoft ftp server 0.85
    typsoft typsoft ftp server 0.93
    typsoft typsoft ftp server 0.95
    typsoft typsoft ftp server 0.96
    typsoft typsoft ftp server 0.97
    typsoft typsoft ftp server 0.95
    typsoft typsoft ftp server 0.99.8
    typsoft typsoft ftp server 0.97.1