cvelistv5 - cve-2006-4847

CVE-2006-4847 (GCVE-0-2006-4847)

Vulnerability from cvelistv5 – Published: 2006-09-19 01:00 – Updated: 2024-08-07 19:23

Summary

Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/21932	third-party-advisoryx_refsource_SECUNIA
	http://ipswitch.com/support/ws_ftp-server/release…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2006/3655	vdb-entryx_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.osvdb.org/28939	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/20076	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:23:41.399Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "21932",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21932"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp"
          },
          {
            "name": "ADV-2006-3655",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3655"
          },
          {
            "name": "wsftp-xcrc-xsha1-xmd5-bo(28983)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28983"
          },
          {
            "name": "28939",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/28939"
          },
          {
            "name": "20076",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20076"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "21932",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21932"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp"
        },
        {
          "name": "ADV-2006-3655",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3655"
        },
        {
          "name": "wsftp-xcrc-xsha1-xmd5-bo(28983)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28983"
        },
        {
          "name": "28939",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/28939"
        },
        {
          "name": "20076",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20076"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4847",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "21932",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21932"
            },
            {
              "name": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp",
              "refsource": "CONFIRM",
              "url": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp"
            },
            {
              "name": "ADV-2006-3655",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3655"
            },
            {
              "name": "wsftp-xcrc-xsha1-xmd5-bo(28983)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28983"
            },
            {
              "name": "28939",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/28939"
            },
            {
              "name": "20076",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20076"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4847",
    "datePublished": "2006-09-19T01:00:00",
    "dateReserved": "2006-09-18T00:00:00",
    "dateUpdated": "2024-08-07T19:23:41.399Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp_server:1.0.1eval:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FFFF21C-9F80-4BFC-B71C-E534F42020BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp_server:1.0.2eval:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA1CFEE0-7707-4B3D-8E84-0C42F56F5666\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp_server:3.0_1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B30C60A-2716-4464-A9CD-2649DC763037\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp_server:4.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44A4DEB6-8E4B-4DAD-911C-DCC26D4C9DCD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp_server:5.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E0A22A5-FBBB-4B7D-A64D-8F021B60181F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp_server:5.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA85C3EF-DAD2-4383-9E97-65B4D77A73E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.05\", \"matchCriteriaId\": \"50BFB437-2855-401A-AD99-D20A51F2DA82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A886D80F-D72C-4BDF-A65F-27CA82348C48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:1.0.1.e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9BE1954-74C5-4A91-9C9A-C0647F281017\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A0D7240-62C8-4003-A840-98E818709D9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:1.0.2.e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DE6789D-5DA5-489F-A900-F4788286ACE5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA99A58B-F751-4C04-B41B-CBE94998AA42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51D8225C-A74A-451E-9589-F1E00E4728D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C3438AF-FCF1-4D77-83D5-27B9989F0683\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"843B6647-BF92-46D1-ADEE-92088D9AD1C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4B80A25-3860-4CF5-B8ED-5370EBB42455\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7B58011-9D3B-432C-93B1-47938F7E2D43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50BE9ECB-4799-48BD-B3BE-7EE27FE3AA40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEBC59D2-405D-4374-812A-A3AEE0D6D594\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"755C3FB5-5D5B-4732-86F9-68A6612BC819\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"968C0544-A2F5-4FA6-A4B8-89113EE95B0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E33B458B-F945-4D1A-81B7-F07CCC183C14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9D662A9-5D1B-465E-A4B1-A4C86BA207C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:3.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBA7690C-8ADA-462E-B671-4D4CB243A483\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29B11EAC-796C-43E4-A150-F3FE3F19A058\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A71B59A7-9467-4729-9A24-D5291C059E66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:ws_ftp_server:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C1D0E89-C64F-4027-BF44-8F7159A5AE21\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamientos de b\\u00fafer en Ipswitch WS_FTP Server 5.05 anterior al Hotfix 1 permiten a usuarios autenticados remotamente ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de comandos largos (1) XCRC, (2) XSHA1, o (3) XMD5.\"}]",
      "evaluatorSolution": "This vulnerability is addressed in the following product update:\r\nIpswitch, WS_FTP Server, 5.05 Hotfix 1",
      "id": "CVE-2006-4847",
      "lastModified": "2024-11-21T00:16:53.137",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-09-19T01:07:00.000",
      "references": "[{\"url\": \"http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/21932\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/28939\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/20076\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3655\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/28983\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/21932\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/28939\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/20076\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3655\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/28983\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-4847\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-09-19T01:07:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer en Ipswitch WS_FTP Server 5.05 anterior al Hotfix 1 permiten a usuarios autenticados remotamente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de comandos largos (1) XCRC, (2) XSHA1, o (3) XMD5.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp_server:1.0.1eval:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FFFF21C-9F80-4BFC-B71C-E534F42020BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp_server:1.0.2eval:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA1CFEE0-7707-4B3D-8E84-0C42F56F5666\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp_server:3.0_1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B30C60A-2716-4464-A9CD-2649DC763037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp_server:4.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44A4DEB6-8E4B-4DAD-911C-DCC26D4C9DCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp_server:5.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E0A22A5-FBBB-4B7D-A64D-8F021B60181F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp_server:5.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA85C3EF-DAD2-4383-9E97-65B4D77A73E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.05\",\"matchCriteriaId\":\"50BFB437-2855-401A-AD99-D20A51F2DA82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A886D80F-D72C-4BDF-A65F-27CA82348C48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:1.0.1.e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9BE1954-74C5-4A91-9C9A-C0647F281017\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A0D7240-62C8-4003-A840-98E818709D9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:1.0.2.e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DE6789D-5DA5-489F-A900-F4788286ACE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA99A58B-F751-4C04-B41B-CBE94998AA42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51D8225C-A74A-451E-9589-F1E00E4728D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C3438AF-FCF1-4D77-83D5-27B9989F0683\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"843B6647-BF92-46D1-ADEE-92088D9AD1C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4B80A25-3860-4CF5-B8ED-5370EBB42455\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7B58011-9D3B-432C-93B1-47938F7E2D43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50BE9ECB-4799-48BD-B3BE-7EE27FE3AA40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEBC59D2-405D-4374-812A-A3AEE0D6D594\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"755C3FB5-5D5B-4732-86F9-68A6612BC819\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"968C0544-A2F5-4FA6-A4B8-89113EE95B0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E33B458B-F945-4D1A-81B7-F07CCC183C14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9D662A9-5D1B-465E-A4B1-A4C86BA207C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBA7690C-8ADA-462E-B671-4D4CB243A483\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29B11EAC-796C-43E4-A150-F3FE3F19A058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A71B59A7-9467-4729-9A24-D5291C059E66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C1D0E89-C64F-4027-BF44-8F7159A5AE21\"}]}]}],\"references\":[{\"url\":\"http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/21932\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/28939\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/20076\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3655\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28983\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/21932\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/28939\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/20076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3655\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/28983\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"This vulnerability is addressed in the following product update:\\r\\nIpswitch, WS_FTP Server, 5.05 Hotfix 1\"}}"
  }
}

CERTA-2006-AVI-422

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans WS_FTP Server permet à un utilisateur mal intentionné d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité de type débordement de mémoire peut être exploitée en passant des arguments spécialement conçus aux commandes suivantes XCRC, XSHA1 et XMD5. Une personne malveillante pourrait ainsi exécuter du code arbitraire à distance sur le serveur vulnérable.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

WS_FTP Server 5.05 et versions antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité IPSwitch du 14 septembre 2006

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eWS_FTP Server 5.05 et versions ant\u00e9rieures.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire peut \u00eatre exploit\u00e9e en\npassant des arguments sp\u00e9cialement con\u00e7us aux commandes suivantes XCRC,\nXSHA1 et XMD5. Une personne malveillante pourrait ainsi ex\u00e9cuter du code\narbitraire \u00e0 distance sur le serveur vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5000"
    },
    {
      "name": "CVE-2006-5001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5001"
    },
    {
      "name": "CVE-2006-4847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4847"
    }
  ],
  "links": [],
  "reference": "CERTA-2006-AVI-422",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-10-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans WS_FTP Server permet \u00e0 un utilisateur mal\nintentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans ws_ftp",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IPSwitch du 14 septembre 2006",
      "url": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp"
    }
  ]
}

CERTA-2006-AVI-422

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans WS_FTP Server permet à un utilisateur mal intentionné d'exécuter du code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

WS_FTP Server 5.05 et versions antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité IPSwitch du 14 septembre 2006

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eWS_FTP Server 5.05 et versions ant\u00e9rieures.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire peut \u00eatre exploit\u00e9e en\npassant des arguments sp\u00e9cialement con\u00e7us aux commandes suivantes XCRC,\nXSHA1 et XMD5. Une personne malveillante pourrait ainsi ex\u00e9cuter du code\narbitraire \u00e0 distance sur le serveur vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5000"
    },
    {
      "name": "CVE-2006-5001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5001"
    },
    {
      "name": "CVE-2006-4847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4847"
    }
  ],
  "links": [],
  "reference": "CERTA-2006-AVI-422",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-10-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans WS_FTP Server permet \u00e0 un utilisateur mal\nintentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans ws_ftp",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IPSwitch du 14 septembre 2006",
      "url": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp"
    }
  ]
}

GSD-2006-4847

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.

Aliases

CVE-2006-4847

Aliases

CVE-2006-4847

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-4847",
    "description": "Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.",
    "id": "GSD-2006-4847",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2006-4847"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-4847"
      ],
      "details": "Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.",
      "id": "GSD-2006-4847",
      "modified": "2023-12-13T01:19:51.961673Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-4847",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "21932",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21932"
          },
          {
            "name": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp",
            "refsource": "CONFIRM",
            "url": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp"
          },
          {
            "name": "ADV-2006-3655",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3655"
          },
          {
            "name": "wsftp-xcrc-xsha1-xmd5-bo(28983)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28983"
          },
          {
            "name": "28939",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/28939"
          },
          {
            "name": "20076",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/20076"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:5.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:4.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:3.0_1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:1.0.1eval:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:5.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:1.0.2eval:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.1.e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.2.e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.05",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4847"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp"
            },
            {
              "name": "21932",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21932"
            },
            {
              "name": "20076",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/20076"
            },
            {
              "name": "28939",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/28939"
            },
            {
              "name": "ADV-2006-3655",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3655"
            },
            {
              "name": "wsftp-xcrc-xsha1-xmd5-bo(28983)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28983"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-10-11T14:45Z",
      "publishedDate": "2006-09-19T01:07Z"
    }
  }
}

GHSA-HVR7-P2V4-62J2

Vulnerability from github – Published: 2022-05-01 07:22 – Updated: 2022-05-01 07:22

Details

Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-4847"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-09-19T01:07:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.",
  "id": "GHSA-hvr7-p2v4-62j2",
  "modified": "2022-05-01T07:22:29Z",
  "published": "2022-05-01T07:22:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4847"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28983"
    },
    {
      "type": "WEB",
      "url": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21932"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/28939"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/20076"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3655"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200609-0297

Vulnerability from variot - Updated: 2023-12-18 12:40

Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands. Ipswitch WS_FTP Server is prone to a number of stack-overflow vulnerabilities. Updates are available. A successful exploit may lead to remote arbitrary code execution with administrative privileges, facilitating the complete compromise of affected computers. Ipswitch WS_FTP Server 5.04 and 5.05 are vulnerable to these issues; other versions may also be affected. Ipswitch WS_FTP Server is an FTP service program suitable for Windows systems. There is a typical stack overflow vulnerability in WS_FTP when processing super long XCRC/XSHA1/XMD5 extended command parameters. The exploitation of the vulnerability requires the user to log in to the system with a legal account, but No writable directory is required.

Want to work within IT-Security?

Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.

Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/

TITLE: WS_FTP Server FTP Commands Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA21932

VERIFY ADVISORY: http://secunia.com/advisories/21932/

CRITICAL: Moderately critical

IMPACT: System access

WHERE:

From remote

SOFTWARE: WS_FTP Server 5.x http://secunia.com/product/3853/

DESCRIPTION: A vulnerability have been reported in WS_FTP Server, which can be exploited by malicious users to compromise a vulnerable system.

The vulnerability is due to a boundary error when parsing arguments to the "XCRC", "XSHA1", and "XMD5" commands. This can be exploited to cause stack-based buffer overflows via overly long command arguments.

The vulnerability has been reported in version 5.05.

SOLUTION: Apply patch. http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0297",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "5.03"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "5.02"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "4.01"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "2.0"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "3.0_1"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "2.0.2"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "1.0.1.e"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "1.0.2.e"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "2.0.1"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "3.4"
      },
      {
        "model": "ws ftp server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "progress",
        "version": "5.05"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "1.0.2eval"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "3.0"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "2.0.4"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "1.0.1eval"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "3.1"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "1.0.5"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "1.0.2"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "4.0.2"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "2.0.3"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "3.1.2"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "4.0"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "1.0.1"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "3.1.3"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "1.0.4"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "3.1.1"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "1.0.3"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ipswitch",
        "version": "5.05"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ipswitch",
        "version": "hotfix 1"
      },
      {
        "model": "ws ftp server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ipswitch",
        "version": "5.05"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ipswitch",
        "version": "4.0"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ipswitch",
        "version": "4.0.2"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ipswitch",
        "version": "3.4"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ipswitch",
        "version": "3.1.3"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ipswitch",
        "version": "3.1.1"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ipswitch",
        "version": "3.1.2"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "5.04"
      },
      {
        "model": "ws ftp server hotfix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "5.051"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "20076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002114"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4847"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-295"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:5.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:4.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:3.0_1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:1.0.1eval:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:5.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:1.0.2eval:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.1.e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.2.e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.05",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4847"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This vulnerability was discovered by an anonymous researcher.",
    "sources": [
      {
        "db": "BID",
        "id": "20076"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-4847",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": true,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2006-4847",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-20955",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-4847",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-295",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-20955",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20955"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002114"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4847"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-295"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands. Ipswitch WS_FTP Server is prone to a number of stack-overflow vulnerabilities. Updates are available. \nA successful exploit may lead to remote arbitrary code execution with administrative privileges, facilitating the complete compromise of affected computers. \nIpswitch WS_FTP Server 5.04 and 5.05 are vulnerable to these issues; other versions may also be affected. Ipswitch WS_FTP Server is an FTP service program suitable for Windows systems. There is a typical stack overflow vulnerability in WS_FTP when processing super long XCRC/XSHA1/XMD5 extended command parameters. The exploitation of the vulnerability requires the user to log in to the system with a legal account, but No writable directory is required. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nWS_FTP Server FTP Commands Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA21932\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21932/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nWS_FTP Server 5.x\nhttp://secunia.com/product/3853/\n\nDESCRIPTION:\nA vulnerability have been reported in WS_FTP Server, which can be\nexploited by malicious users to compromise a vulnerable system. \n\nThe vulnerability is due to a boundary error when parsing arguments\nto the \"XCRC\", \"XSHA1\", and \"XMD5\" commands. This can be exploited to\ncause stack-based buffer overflows via overly long command arguments. \n\nThe vulnerability has been reported in version 5.05. \n\nSOLUTION:\nApply patch. \nhttp://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4847"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002114"
      },
      {
        "db": "BID",
        "id": "20076"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20955"
      },
      {
        "db": "PACKETSTORM",
        "id": "50127"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-20955",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20955"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-4847",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "20076",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "21932",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "28939",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3655",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002114",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-295",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "82965",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-71222",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16717",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "3335",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-20955",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50127",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20955"
      },
      {
        "db": "BID",
        "id": "20076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002114"
      },
      {
        "db": "PACKETSTORM",
        "id": "50127"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4847"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-295"
      }
    ]
  },
  "id": "VAR-200609-0297",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20955"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:40:03.253000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WS_FTP Server 5.05 Hotfix 1",
        "trust": 0.8,
        "url": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp"
      },
      {
        "title": "Ipswitch WS_FTP Server Buffer Overflow Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96806"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002114"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-295"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-4847"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/20076"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/28939"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/21932"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2006/3655"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28983"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4847"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4847"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipswitch.com/products/ws_ftp/home/index.asp"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/447077"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/21932/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/quality_assurance_analyst/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/web_application_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3853/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20955"
      },
      {
        "db": "BID",
        "id": "20076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002114"
      },
      {
        "db": "PACKETSTORM",
        "id": "50127"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4847"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-295"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-20955"
      },
      {
        "db": "BID",
        "id": "20076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002114"
      },
      {
        "db": "PACKETSTORM",
        "id": "50127"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-4847"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-295"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20955"
      },
      {
        "date": "2006-09-14T00:00:00",
        "db": "BID",
        "id": "20076"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-002114"
      },
      {
        "date": "2006-09-21T23:56:25",
        "db": "PACKETSTORM",
        "id": "50127"
      },
      {
        "date": "2006-09-19T01:07:00",
        "db": "NVD",
        "id": "CVE-2006-4847"
      },
      {
        "date": "2006-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-295"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20955"
      },
      {
        "date": "2016-07-05T21:38:00",
        "db": "BID",
        "id": "20076"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-002114"
      },
      {
        "date": "2023-10-11T14:45:44.747000",
        "db": "NVD",
        "id": "CVE-2006-4847"
      },
      {
        "date": "2019-08-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-295"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-295"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ipswitch WS_FTP Server Vulnerable to buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002114"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-295"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2006-4847

Vulnerability from fkie_nvd - Published: 2006-09-19 01:07 - Updated: 2025-04-03 01:03

Severity ?

Summary

Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.

References

URL	Tags
cve@mitre.org	http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp	Patch
cve@mitre.org	http://secunia.com/advisories/21932	Patch, Vendor Advisory
cve@mitre.org	http://www.osvdb.org/28939
cve@mitre.org	http://www.securityfocus.com/bid/20076
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3655
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/28983
af854a3a-2127-422b-91ae-364da2661108	http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21932	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/28939
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20076
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3655
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/28983

Impacted products

Vendor	Product	Version
ipswitch	ws_ftp_server	1.0.1eval
ipswitch	ws_ftp_server	1.0.2eval
ipswitch	ws_ftp_server	3.0_1
ipswitch	ws_ftp_server	4.01
ipswitch	ws_ftp_server	5.02
ipswitch	ws_ftp_server	5.03
progress	ws_ftp_server	*
progress	ws_ftp_server	1.0.1
progress	ws_ftp_server	1.0.1.e
progress	ws_ftp_server	1.0.2
progress	ws_ftp_server	1.0.2.e
progress	ws_ftp_server	1.0.3
progress	ws_ftp_server	1.0.4
progress	ws_ftp_server	1.0.5
progress	ws_ftp_server	2.0
progress	ws_ftp_server	2.0.1
progress	ws_ftp_server	2.0.2
progress	ws_ftp_server	2.0.3
progress	ws_ftp_server	2.0.4
progress	ws_ftp_server	3.0
progress	ws_ftp_server	3.1
progress	ws_ftp_server	3.1.1
progress	ws_ftp_server	3.1.2
progress	ws_ftp_server	3.1.3
progress	ws_ftp_server	3.4
progress	ws_ftp_server	4.0
progress	ws_ftp_server	4.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp_server:1.0.1eval:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFFF21C-9F80-4BFC-B71C-E534F42020BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp_server:1.0.2eval:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA1CFEE0-7707-4B3D-8E84-0C42F56F5666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp_server:3.0_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B30C60A-2716-4464-A9CD-2649DC763037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp_server:4.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "44A4DEB6-8E4B-4DAD-911C-DCC26D4C9DCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp_server:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E0A22A5-FBBB-4B7D-A64D-8F021B60181F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp_server:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA85C3EF-DAD2-4383-9E97-65B4D77A73E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BFB437-2855-401A-AD99-D20A51F2DA82",
              "versionEndIncluding": "5.05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A886D80F-D72C-4BDF-A65F-27CA82348C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:1.0.1.e:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9BE1954-74C5-4A91-9C9A-C0647F281017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0D7240-62C8-4003-A840-98E818709D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:1.0.2.e:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DE6789D-5DA5-489F-A900-F4788286ACE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA99A58B-F751-4C04-B41B-CBE94998AA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D8225C-A74A-451E-9589-F1E00E4728D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C3438AF-FCF1-4D77-83D5-27B9989F0683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "843B6647-BF92-46D1-ADEE-92088D9AD1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4B80A25-3860-4CF5-B8ED-5370EBB42455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7B58011-9D3B-432C-93B1-47938F7E2D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BE9ECB-4799-48BD-B3BE-7EE27FE3AA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBC59D2-405D-4374-812A-A3AEE0D6D594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "755C3FB5-5D5B-4732-86F9-68A6612BC819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "968C0544-A2F5-4FA6-A4B8-89113EE95B0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33B458B-F945-4D1A-81B7-F07CCC183C14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9D662A9-5D1B-465E-A4B1-A4C86BA207C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA7690C-8ADA-462E-B671-4D4CB243A483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29B11EAC-796C-43E4-A150-F3FE3F19A058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A71B59A7-9467-4729-9A24-D5291C059E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C1D0E89-C64F-4027-BF44-8F7159A5AE21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en Ipswitch WS_FTP Server 5.05 anterior al Hotfix 1 permiten a usuarios autenticados remotamente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de comandos largos (1) XCRC, (2) XSHA1, o (3) XMD5."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product update:\r\nIpswitch, WS_FTP Server, 5.05 Hotfix 1",
  "id": "CVE-2006-4847",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-09-19T01:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21932"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/28939"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/20076"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3655"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/28939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28983"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-4847 (GCVE-0-2006-4847)

CERTA-2006-AVI-422

Description

Solution

CERTA-2006-AVI-422

Description

Solution

GSD-2006-4847

GHSA-HVR7-P2V4-62J2

VAR-200609-0297

FKIE_CVE-2006-4847

Tags

Sightings

Nomenclature