CyberSec.Space Logo
CVEブラウザに戻る

CVE-2000-0587

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1010%
EPSS Percentile16.10th
Published2000年6月26日
Last Modified2026年4月16日

Vulnerability Description

The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability.

Affected Platforms (CPE)

📦
Glftpd

Glftpd

= 1.18
📦
Glftpd

Glftpd

= 1.19
📦
Glftpd

Glftpd

= 1.20
📦
Glftpd

Glftpd

= 1.21b1
📦
Glftpd

Glftpd

= 1.21b2
📦
Glftpd

Glftpd

= 1.21b3
📦
Glftpd

Glftpd

= 1.21b4
📦
Glftpd

Glftpd

= 1.21b5
📦
Glftpd

Glftpd

= 1.21b6
📦
Glftpd

Glftpd

= 1.21b7
📦
Glftpd

Glftpd

= 1.21b8

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html
🔗 http://www.securityfocus.com/bid/1401
🔗 http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006261041360.31907-200000%40twix.thrijswijk.nl
🔗 http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html
🔗 http://www.securityfocus.com/bid/1401
🔗 http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006261041360.31907-200000%40twix.thrijswijk.nl

関連する脆弱性情報

CVE-2000-004010.0

glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.

CVE-2021-316457.5

An issue was discovered in glFTPd 2.11a that allows remote attackers to cause a denial of service via exceeding the connection lim...

CVE-2000-00387.5

glFtpD includes a default glftpd user account with a default password and a UID of 0.

CVE-2006-12537.5

Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possib...