File Disclosure Vulnerability in Guild FTPd Software
CVE-2000-0640

Currently unrated

Key Information:

Vendor: Steve Poulsen
Status: Guildftpd
Vendor: CVE Published:; 8 July 2000

🔔 Create Steve Poulsen Vulnerability Alert

What is CVE-2000-0640?

Guild FTPd contains a vulnerability that permits remote attackers to exploit a directory traversal weakness. By using a '..' (dot dot) attack, an attacker can ascertain the existence of files located outside of the FTP server's root directory. This is accomplished by manipulating the path structure, resulting in different server responses based on whether the requested file exists or not. Such information exposure can lead to further attacks and should be mitigated to secure sensitive files against unauthorized access.

References

http://archives.neohapsis.com/archives/bugtraq/2000-07/01...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/1452

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/4922

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Aug 2, 2000
Vulnerability published
Jul 8, 2000