CVE-2023-40049: WS_FTP Server Information Disclosure via Directory Listing
First published: Wed Sep 27 2023(Updated: )
In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.
Credit: security@progress.com security@progress.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Progress Ws Ftp Server | <8.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-40049.
What is the severity of CVE-2023-40049?
The severity of CVE-2023-40049 is medium with a severity value of 5.3.
What software is affected by CVE-2023-40049?
Progress WS FTP Server version prior to 8.8.2 is affected by CVE-2023-40049.
Is authentication required to exploit CVE-2023-40049?
No, CVE-2023-40049 can be exploited by an unauthenticated user.
What actions can an attacker do using CVE-2023-40049?
An attacker can enumerate files under the 'WebServiceHost' directory listing using CVE-2023-40049.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/progress
- canonical/progress ws ftp server