CVE-2005-1244
First published: Wed Apr 20 2005(Updated: )
** DISPUTED ** Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetIQ PsSecure | =7.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-1244?
CVE-2005-1244 is considered a medium severity vulnerability due to its potential for unauthorized file access.
How do I fix CVE-2005-1244?
To fix CVE-2005-1244, ensure you apply any available patches from NetIQ for the PSsecure version 7.5.
What systems are affected by CVE-2005-1244?
CVE-2005-1244 affects the NetIQ PSsecure version 7.5 utilized for iSeries AS/400 FTP servers.
What type of vulnerability is CVE-2005-1244?
CVE-2005-1244 is a directory traversal vulnerability that allows access to arbitrary files on the server.
Is there any vendor response for CVE-2005-1244?
Yes, the vendor, NetIQ, has disputed the validity of CVE-2005-1244, stating it may not be an exploitable issue.
- agent/author
- agent/type
- agent/first-publish-date
- agent/references
- agent/severity
- agent/weakness
- agent/status
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-historical
- status/disputed
- vendor/netiq
- canonical/netiq pssecure
- version/netiq pssecure/7.5