CVEブラウザに戻る

CVE-2019-10009

MEDIUM

6.5

CVSS Severity Score

EPSS Score0.1970%

EPSS Percentile11.57th

Published2019年6月3日

Last Modified2024年11月21日

Vulnerability Description

A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory.

Affected Platforms (CPE)

📦

Southrivertech

Titan Ftp Server

= 2019

References & Advisories

🔗 http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html

🔗 http://seclists.org/fulldisclosure/2019/Mar/47

🔗 http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html

🔗 https://seclists.org/fulldisclosure/2019/Mar/47

🔗 https://www.exploit-db.com/exploits/46611

🔗 https://www.exploit-db.com/exploits/46611/

🔗 http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html

🔗 http://seclists.org/fulldisclosure/2019/Mar/47

関連する脆弱性情報

CVE-2008-528110.0

Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE co...

CVE-2008-072510.0

Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow rem...

CVE-2008-07029.3

Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (d...

CVE-2010-24256.5

Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versio...