CVE-2001-0582

CVE-2001-0582

EPSS 0.6%

Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a '..' (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://archives.neohapsis.com/archives/bugtraq/2001-05/0036.html https://exchange.xforce.ibmcloud.com/vulnerabilities/6495 http://www.kb.cert.org/vuls/id/110803