CVE-2010-4154

Published Nov 3, 2010

Last updated 7 years ago

Overview

Description: Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager 15.2.0.11, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-22

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rhinosoft:ftp_voyager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C90002B6-F044-4D5D-9E95-73C4A7CF66C9",
            "versionEndIncluding": "15.2.0.11"
          },
          {
            "criteria": "cpe:2.3:a:rhinosoft:ftp_voyager:15.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FB3C40D-51C0-4229-9353-054F9C653CFE"
          },
          {
            "criteria": "cpe:2.3:a:rhinosoft:ftp_voyager:15.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E00F8BE-7898-4A93-9819-ED7076CB6B94"
          },
          {
            "criteria": "cpe:2.3:a:rhinosoft:ftp_voyager:15.0.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27F9C61E-A359-407A-8088-28969287352C"
          },
          {
            "criteria": "cpe:2.3:a:rhinosoft:ftp_voyager:15.0.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47D5252A-CD16-4B68-A70D-DA7AE8CCD46B"
          },
          {
            "criteria": "cpe:2.3:a:rhinosoft:ftp_voyager:15.1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85D3564B-64C5-42C9-A2D7-E1C0E4B7BD8C"
          },
          {
            "criteria": "cpe:2.3:a:rhinosoft:ftp_voyager:15.1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75169087-BDCF-49E7-A8F5-BF98FE476B90"
          },
          {
            "criteria": "cpe:2.3:a:rhinosoft:ftp_voyager:15.1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA66B2B9-14AF-4B1E-800B-19D0AF8FAD11"
          },
          {
            "criteria": "cpe:2.3:a:rhinosoft:ftp_voyager:15.1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5912898-47A0-4551-86F2-9A0C6FE876A0"
          },
          {
            "criteria": "cpe:2.3:a:rhinosoft:ftp_voyager:15.1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D74B72D-302E-489B-BDFE-9968937277DB"
          },
          {
            "criteria": "cpe:2.3:a:rhinosoft:ftp_voyager:15.2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A89F643-6355-4D1D-A2E6-DFF1D2E2E87E"
          },
          {
            "criteria": "cpe:2.3:a:rhinosoft:ftp_voyager:15.2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E13E003D-FBDC-4C78-8555-A77A59B9E3F6"
          },
          {
            "criteria": "cpe:2.3:a:rhinosoft:ftp_voyager:15.2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB4A33DB-0D0E-43E8-881E-4B4CBA6D465D"
          },
          {
            "criteria": "cpe:2.3:a:rhinosoft:ftp_voyager:15.2.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D84A627C-ABFB-4601-9A2A-9661004D1D37"
          },
          {
            "criteria": "cpe:2.3:a:rhinosoft:ftp_voyager:15.2.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEAC97E8-AEC7-48C6-9828-5D998FACC55C"
          },
          {
            "criteria": "cpe:2.3:a:rhinosoft:ftp_voyager:15.2.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAD63A3C-9F0B-4512-9960-6EE37B0CADAC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References