Vulnerability Name: | CVE-2007-6735 (CCN-58002) | ||||||||
Assigned: | 2010-03-26 | ||||||||
Published: | 2010-03-26 | ||||||||
Updated: | 2010-04-06 | ||||||||
Summary: | NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-264 | ||||||||
Vulnerability Consequences: | Bypass Security | ||||||||
References: | Source: MITRE Type: CNA CVE-2007-6735 Source: CCN Type: Novell Document ID: 3238588 What fixes are in NWFTPD.NLM v5.10.01, March 26, 2010? Source: CONFIRM Type: Vendor Advisory http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1 Source: CCN Type: OSVDB ID: 63694 Novell NetWare FTP Server NWFTPD.nlm FTPREST.TXT Container Name Partial Match Access Restriction Bypass Source: CONFIRM Type: UNKNOWN https://bugzilla.novell.com/show_bug.cgi?id=260459 Source: XF Type: UNKNOWN netware-nwftpd-ftprest-security-bypass(58002) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |