First published: Fri Jul 27 2001
Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a '..' (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
CrushFTP | =2.1.4 | |
CrushFTP | <=2.1.6 | |
CVE-2001-0582 is considered a moderate severity vulnerability due to its potential for local file access exploitation.
To fix CVE-2001-0582, upgrade to CrushFTP FTP Server version 2.1.7 or later, which resolves the directory traversal issue.
CVE-2001-0582 is associated with a directory traversal attack, often called a '..' (dot dot) attack.
CrushFTP FTP Server version 2.1.6 and earlier are affected by CVE-2001-0582.
The vendor associated with CVE-2001-0582 is Ben Spink, the developer of CrushFTP.
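The '..' traversal described above is prevented by resolving every path argument of the listed commands against the user's virtual FTP root and refusing anything that climbs above it. The following is an added example, not CrushFTP's code or its actual fix; the function names, the backslash handling and the rejection of dot-only names are assumptions about what "variations" a server should cover.

```python
# Added example: confining FTP path arguments to a virtual root ("/").
# Commands named in the advisory as accepting '..' sequences.
FILE_COMMANDS = {"GET", "CD", "NLST", "SIZE", "RETR"}


class PathEscape(Exception):
    """Raised when an argument would resolve outside the FTP root."""


def resolve_ftp_path(cwd: str, arg: str) -> str:
    """Resolve `arg` against the server-maintained, already-normalized
    virtual `cwd` and return a normalized virtual path starting with "/"."""
    if "\x00" in arg:
        raise PathEscape("NUL byte in path")
    # Assumed variation: treat "\" as a separator so "..\.." is also caught.
    arg = arg.replace("\\", "/")
    base = "/" if arg.startswith("/") else cwd
    parts = [p for p in base.split("/") if p]
    for seg in arg.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:
                raise PathEscape(f"{arg!r} climbs above the FTP root")
            parts.pop()
        elif seg.strip(". ") == "":
            # Names such as "..." or ".. " that some filesystems collapse.
            raise PathEscape(f"ambiguous segment {seg!r}")
        else:
            parts.append(seg)
    return "/" + "/".join(parts)


def check_command(cwd: str, line: str):
    """Return the resolved path for a file command, None for other verbs."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() not in FILE_COMMANDS:
        return None
    return resolve_ftp_path(cwd, arg)


def is_allowed(cwd: str, line: str) -> bool:
    """True when the command line passes the confinement check."""
    try:
        check_command(cwd, line)
        return True
    except PathEscape:
        return False
```

The real filesystem path should be built from the returned virtual path only after this check succeeds, never from the raw argument.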