CVE-2005-1238

Currently unrated

Key Information:

Vendor: IBM
Status: Iseries As 400
Vendor: CVE Published:; 2 May 2005

Summary

By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.

References

http://www.securityfocus.com/archive/1/396628

mailing-listx_refsource_BUGTRAQ

http://www.venera.com/downloads/Canonicalization_problems...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/20260

vdb-entryx_refsource_XF

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Apr 24, 2005