cvelistv5 - CVE-2005-3057

URL	Tags
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042139.html
cve@mitre.org	http://marc.info/?l=bugtraq&m=113986337408103&w=2
cve@mitre.org	http://secunia.com/advisories/18844	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/16597
cve@mitre.org	http://www.vupen.com/english/advisories/2006/0539	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/24624

▼	Vendor	Product
	n/a	n/a

var-200512-0013

Vulnerability from variot

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP. Fortinet FortiGate is reportedly prone to a vulnerability that allows an attacker to bypass antivirus protection. This issue is said to occur when files are transferred using the FTP protocol under certain conditions. FortiGate devices running FortiOS v2.8MR10 and v3beta are affected by this issue. Other versions may also be vulnerable. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration. The FTP component of Fortinet FortiGate cannot properly filter and check files.

TITLE: FortiGate URL Filter and Virus Scanning Bypass Vulnerabilities

SECUNIA ADVISORY ID: SA18844

VERIFY ADVISORY: http://secunia.com/advisories/18844/

CRITICAL: Less critical

IMPACT: Security Bypass

WHERE:

From local network

OPERATING SYSTEM: Fortinet FortiOS (FortiGate) 2.x http://secunia.com/product/2289/ Fortinet FortiOS (FortiGate) 3.x http://secunia.com/product/6802/

DESCRIPTION: Mathieu Dessus has reported two vulnerabilities in FortiGate, which can be exploited by malicious people and users to bypass certain security restrictions.

1) The URL blocking functionality can be bypassed by specially-crafted HTTP requests that are terminated by the CR character instead of the CRLF characters. It is also possible to bypass the functionality via a HTTP/1.0 request with no host header.

The vulnerability has been reported in FortiOS v2.8MR10 and v3beta.

SOLUTION: Do not rely on URL blocking as the only means of blocking users' access. Desktop-based on-access virus scanners should be used together with server-based virus scanners.

PROVIDED AND/OR DISCOVERED BY: Mathieu Dessus

ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042139.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042140.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200512-0013",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortigate",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "2.8"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3_beta"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "2.8_mr10"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "2.8_mr10"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "3_beta"
      },
      {
        "model": "fortios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.80"
      },
      {
        "model": "fortios mr5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.50"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.50"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.36"
      },
      {
        "model": "fortios mr10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.8"
      },
      {
        "model": "fortios 0mr4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.5"
      },
      {
        "model": "fortios mr12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.80"
      },
      {
        "model": "fortios mr1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "16597"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3057"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-986"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.8_mr10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3_beta",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:fortinet:fortigate:2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3057"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mathieu Dessus  mdessus@gmail.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-986"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2005-3057",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-14266",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2005-3057",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200512-986",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-14266",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14266"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3057"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-986"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP. Fortinet FortiGate is reportedly prone to a vulnerability that allows an attacker to bypass antivirus protection. This issue is said to occur when files are transferred using the FTP protocol under certain conditions. \nFortiGate devices running FortiOS v2.8MR10 and v3beta are affected by this issue. Other versions may also be vulnerable. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration. The FTP component of Fortinet FortiGate cannot properly filter and check files. \n\nTITLE:\nFortiGate URL Filter and Virus Scanning Bypass Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA18844\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18844/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nFortinet FortiOS (FortiGate) 2.x\nhttp://secunia.com/product/2289/\nFortinet FortiOS (FortiGate) 3.x\nhttp://secunia.com/product/6802/\n\nDESCRIPTION:\nMathieu Dessus has reported two vulnerabilities in FortiGate, which\ncan be exploited by malicious people and users to bypass certain\nsecurity restrictions. \n\n1) The URL blocking functionality can be bypassed by\nspecially-crafted HTTP requests that are terminated by the CR\ncharacter instead of the CRLF characters. It is also possible to\nbypass the functionality via a HTTP/1.0 request with no host header. \n\nThe vulnerability has been reported in FortiOS v2.8MR10 and v3beta. \n\nThe vulnerability has been reported in FortiOS v2.8MR10 and v3beta. \n\nSOLUTION:\nDo not rely on URL blocking as the only means of blocking users\u0027\naccess. Desktop-based on-access virus scanners should be used\ntogether with server-based virus scanners. \n\nPROVIDED AND/OR DISCOVERED BY:\nMathieu Dessus\n\nORIGINAL ADVISORY:\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042139.html\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042140.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3057"
      },
      {
        "db": "BID",
        "id": "16597"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14266"
      },
      {
        "db": "PACKETSTORM",
        "id": "43767"
      }
    ],
    "trust": 1.35
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "16597",
        "trust": 2.0
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3057",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "18844",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-0539",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-986",
        "trust": 0.7
      },
      {
        "db": "FULLDISC",
        "id": "20060213 BYPASS FORTINET ANTI-VIRUS USING FTP",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060213 BYPASS FORTINET ANTI-VIRUS USING FTP",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "24624",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "8485",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-14266",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "43767",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14266"
      },
      {
        "db": "BID",
        "id": "16597"
      },
      {
        "db": "PACKETSTORM",
        "id": "43767"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3057"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-986"
      }
    ]
  },
  "id": "VAR-200512-0013",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14266"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:47:15.638000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3057"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-february/042139.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/16597"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/18844"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=113986337408103\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/0539"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24624"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/24624"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/0539"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/8485"
      },
      {
        "trust": 0.3,
        "url": "http://fortinet.com/fortiguardcenter/ftp_vuln.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/424857"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=113986337408103\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6802/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-february/042140.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/18844/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2289/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14266"
      },
      {
        "db": "BID",
        "id": "16597"
      },
      {
        "db": "PACKETSTORM",
        "id": "43767"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3057"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-986"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-14266"
      },
      {
        "db": "BID",
        "id": "16597"
      },
      {
        "db": "PACKETSTORM",
        "id": "43767"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3057"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-986"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14266"
      },
      {
        "date": "2006-02-13T00:00:00",
        "db": "BID",
        "id": "16597"
      },
      {
        "date": "2006-02-13T19:29:16",
        "db": "PACKETSTORM",
        "id": "43767"
      },
      {
        "date": "2005-12-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2005-3057"
      },
      {
        "date": "2005-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-986"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14266"
      },
      {
        "date": "2009-07-12T17:56:00",
        "db": "BID",
        "id": "16597"
      },
      {
        "date": "2017-07-11T01:33:05.347000",
        "db": "NVD",
        "id": "CVE-2005-3057"
      },
      {
        "date": "2011-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-986"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-986"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiGate Anti-virus engine bypass detection vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-986"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-986"
      }
    ],
    "trust": 0.6
  }
}

ghsa-xf9f-9v6p-v639

Vulnerability from github

Published

2022-05-01 02:14

Modified

2022-05-01 02:14

Details

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-3057"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-12-31T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP.",
  "id": "GHSA-xf9f-9v6p-v639",
  "modified": "2022-05-01T02:14:07Z",
  "published": "2022-05-01T02:14:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3057"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24624"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042139.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=113986337408103\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18844"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/16597"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/0539"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2005-3057

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP.

Aliases

CVE-2005-3057

Aliases

CVE-2005-3057

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-3057",
    "description": "The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP.",
    "id": "GSD-2005-3057"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-3057"
      ],
      "details": "The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP.",
      "id": "GSD-2005-3057",
      "modified": "2023-12-13T01:20:12.097817Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-3057",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20060213 Bypass Fortinet anti-virus using FTP",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042139.html"
          },
          {
            "name": "16597",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/16597"
          },
          {
            "name": "20060213 Bypass Fortinet anti-virus using FTP",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=113986337408103\u0026w=2"
          },
          {
            "name": "18844",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18844"
          },
          {
            "name": "ADV-2006-0539",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/0539"
          },
          {
            "name": "fortinet-ftp-scan-bypass(24624)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24624"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.8_mr10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3_beta",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:fortinet:fortigate:2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3057"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060213 Bypass Fortinet anti-virus using FTP",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042139.html"
            },
            {
              "name": "18844",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/18844"
            },
            {
              "name": "16597",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/16597"
            },
            {
              "name": "20060213 Bypass Fortinet anti-virus using FTP",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=113986337408103\u0026w=2"
            },
            {
              "name": "ADV-2006-0539",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0539"
            },
            {
              "name": "fortinet-ftp-scan-bypass(24624)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24624"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-11T01:33Z",
      "publishedDate": "2005-12-31T05:00Z"
    }
  }
}

CVE-2005-3057

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

CVE-2005-3057

Vulnerability from cvelistv5

var-200512-0013

Vulnerability from variot

ghsa-xf9f-9v6p-v639

Vulnerability from github

gsd-2005-3057

Vulnerability from gsd

Tags

Sightings

Nomenclature