cvelistv5 - cve-2008-5692

CVE-2008-5692 (GCVE-0-2008-5692)

Vulnerability from cvelistv5 – Published: 2008-12-19 18:00 – Updated: 2024-08-07 11:04

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://securityreason.com/securityalert/4799	third-party-advisoryx_refsource_SREASON
	http://docs.ipswitch.com/WS_FTP_Server611/Release…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/0473	vdb-entryx_refsource_VUPEN
	http://aluigi.altervista.org/adv/wsftpweblog-adv.txt	x_refsource_MISC
	http://www.securityfocus.com/bid/27654	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/487697/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/487686/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/28822	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:04:44.257Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "4799",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4799"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12"
          },
          {
            "name": "ADV-2008-0473",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0473"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
          },
          {
            "name": "27654",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27654"
          },
          {
            "name": "20080206 Re: Logs visualization in WS_FTP Server Manager 6.1.0.0",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
          },
          {
            "name": "20080206 Logs visualization in WS_FTP Server Manager 6.1.0.0",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
          },
          {
            "name": "28822",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28822"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "4799",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4799"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12"
        },
        {
          "name": "ADV-2008-0473",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0473"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
        },
        {
          "name": "27654",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27654"
        },
        {
          "name": "20080206 Re: Logs visualization in WS_FTP Server Manager 6.1.0.0",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
        },
        {
          "name": "20080206 Logs visualization in WS_FTP Server Manager 6.1.0.0",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
        },
        {
          "name": "28822",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28822"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5692",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "4799",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4799"
            },
            {
              "name": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12",
              "refsource": "CONFIRM",
              "url": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12"
            },
            {
              "name": "ADV-2008-0473",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0473"
            },
            {
              "name": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt",
              "refsource": "MISC",
              "url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
            },
            {
              "name": "27654",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27654"
            },
            {
              "name": "20080206 Re: Logs visualization in WS_FTP Server Manager 6.1.0.0",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
            },
            {
              "name": "20080206 Logs visualization in WS_FTP Server Manager 6.1.0.0",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
            },
            {
              "name": "28822",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28822"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5692",
    "datePublished": "2008-12-19T18:00:00",
    "dateReserved": "2008-12-19T00:00:00",
    "dateUpdated": "2024-08-07T11:04:44.257Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.1\", \"matchCriteriaId\": \"898F836A-4413-4A14-9D99-E15CE2AF7660\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89C81A58-330F-41DC-BEF7-A5850D5DF0D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:2.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69ADEDB9-99B5-4F1D-8D3F-CFAB6CA8DED2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:2.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFBC2FE5-2367-4F08-B939-9F3F96356BC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:2.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE467C51-6B92-4291-BF49-14422E5FE719\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40483FCD-0111-4950-8CAA-BE55DC3161D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"097E2EC7-83DB-47B1-BA69-0234FB2EC9B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F87D07A-769A-4D5F-8EAB-3A2FF877DD06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1329DB51-5871-4B3C-800D-EA0B99655862\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"440A634D-31F4-4B1A-8CAC-42368CBED0E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:3.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0B010EF-AA23-4297-B523-A6909E689D9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:3.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5ABD7295-9DB0-418E-ACCB-8623AA44AD39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:4.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"155FCE9D-EA9C-48FF-9A07-49DD2232D2EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:4.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EF2984F-1130-42A3-89F4-AB1CB1E5A4BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:4.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81332CD2-A180-4D79-BA79-6B5FD560CC78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:5.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06DAC70D-AA7E-4F18-82CD-8EB93C64B1B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:5.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A37736C6-D729-41AC-BABD-2FBAC371E777\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:5.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6E87011-C9AA-4D52-A8F1-E3172B635929\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:5.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E2AB91D-0EFB-4E20-978D-D38168F4BFBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:5.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EBA8A91-2C2D-4C50-AFD1-898C9C79C5F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:5.05:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32212E07-9A0F-4E03-A83F-82D11BA0A256\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipswitch:ws_ftp:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0C1CC7B-B4F9-4F15-8EAC-033119C5DA37\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.\"}, {\"lang\": \"es\", \"value\": \"Ipswitch WS_FTP Server Manager anterior a la version 6.1.1, y posiblemente otros productos de Ipswitch, permite a atacantes remotos eludir la autenticaci\\u00f3n y leer los logs a trav\\u00e9s de una acci\\u00f3n logLogout a FTPLogServer/login.asp seguido por una solicitud de FTPLogServer/LogViewer.asp con el nombre de cuenta localhostnull.\"}]",
      "id": "CVE-2008-5692",
      "lastModified": "2024-11-21T00:54:39.713",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-12-19T18:30:00.407",
      "references": "[{\"url\": \"http://aluigi.altervista.org/adv/wsftpweblog-adv.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28822\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/4799\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/487686/100/200/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/487697/100/200/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/27654\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0473\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://aluigi.altervista.org/adv/wsftpweblog-adv.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28822\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/4799\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/487686/100/200/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/487697/100/200/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27654\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0473\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-5692\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-12-19T18:30:00.407\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.\"},{\"lang\":\"es\",\"value\":\"Ipswitch WS_FTP Server Manager anterior a la version 6.1.1, y posiblemente otros productos de Ipswitch, permite a atacantes remotos eludir la autenticaci\u00f3n y leer los logs a trav\u00e9s de una acci\u00f3n logLogout a FTPLogServer/login.asp seguido por una solicitud de FTPLogServer/LogViewer.asp con el nombre de cuenta localhostnull.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.1\",\"matchCriteriaId\":\"898F836A-4413-4A14-9D99-E15CE2AF7660\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89C81A58-330F-41DC-BEF7-A5850D5DF0D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:2.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69ADEDB9-99B5-4F1D-8D3F-CFAB6CA8DED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:2.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFBC2FE5-2367-4F08-B939-9F3F96356BC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:2.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE467C51-6B92-4291-BF49-14422E5FE719\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40483FCD-0111-4950-8CAA-BE55DC3161D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"097E2EC7-83DB-47B1-BA69-0234FB2EC9B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F87D07A-769A-4D5F-8EAB-3A2FF877DD06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1329DB51-5871-4B3C-800D-EA0B99655862\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"440A634D-31F4-4B1A-8CAC-42368CBED0E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0B010EF-AA23-4297-B523-A6909E689D9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:3.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5ABD7295-9DB0-418E-ACCB-8623AA44AD39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:4.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"155FCE9D-EA9C-48FF-9A07-49DD2232D2EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:4.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EF2984F-1130-42A3-89F4-AB1CB1E5A4BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:4.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81332CD2-A180-4D79-BA79-6B5FD560CC78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:5.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06DAC70D-AA7E-4F18-82CD-8EB93C64B1B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:5.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A37736C6-D729-41AC-BABD-2FBAC371E777\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:5.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6E87011-C9AA-4D52-A8F1-E3172B635929\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:5.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E2AB91D-0EFB-4E20-978D-D38168F4BFBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:5.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EBA8A91-2C2D-4C50-AFD1-898C9C79C5F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:5.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32212E07-9A0F-4E03-A83F-82D11BA0A256\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0C1CC7B-B4F9-4F15-8EAC-033119C5DA37\"}]}]}],\"references\":[{\"url\":\"http://aluigi.altervista.org/adv/wsftpweblog-adv.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28822\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/4799\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/487686/100/200/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/487697/100/200/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/27654\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0473\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://aluigi.altervista.org/adv/wsftpweblog-adv.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28822\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/4799\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/487686/100/200/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/487697/100/200/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27654\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0473\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2008-5692

Vulnerability from fkie_nvd - Published: 2008-12-19 18:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://aluigi.altervista.org/adv/wsftpweblog-adv.txt
	cve@mitre.org	http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12
	cve@mitre.org	http://secunia.com/advisories/28822
	cve@mitre.org	http://securityreason.com/securityalert/4799
	cve@mitre.org	http://www.securityfocus.com/archive/1/487686/100/200/threaded
	cve@mitre.org	http://www.securityfocus.com/archive/1/487697/100/200/threaded
	cve@mitre.org	http://www.securityfocus.com/bid/27654
	cve@mitre.org	http://www.vupen.com/english/advisories/2008/0473
	af854a3a-2127-422b-91ae-364da2661108	http://aluigi.altervista.org/adv/wsftpweblog-adv.txt
	af854a3a-2127-422b-91ae-364da2661108	http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28822
	af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4799
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/487686/100/200/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/487697/100/200/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27654
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0473

Impacted products

Vendor	Product	Version
ipswitch	ws_ftp	*
ipswitch	ws_ftp	1.0.5
ipswitch	ws_ftp	2.01
ipswitch	ws_ftp	2.02
ipswitch	ws_ftp	2.03
ipswitch	ws_ftp	3.0
ipswitch	ws_ftp	3.0.1
ipswitch	ws_ftp	3.1.0
ipswitch	ws_ftp	3.1.1
ipswitch	ws_ftp	3.1.2
ipswitch	ws_ftp	3.1.3
ipswitch	ws_ftp	3.14
ipswitch	ws_ftp	4.00
ipswitch	ws_ftp	4.01
ipswitch	ws_ftp	4.02
ipswitch	ws_ftp	5.00
ipswitch	ws_ftp	5.01
ipswitch	ws_ftp	5.02
ipswitch	ws_ftp	5.03
ipswitch	ws_ftp	5.04
ipswitch	ws_ftp	5.05
ipswitch	ws_ftp	6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "898F836A-4413-4A14-9D99-E15CE2AF7660",
              "versionEndIncluding": "6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "89C81A58-330F-41DC-BEF7-A5850D5DF0D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:2.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "69ADEDB9-99B5-4F1D-8D3F-CFAB6CA8DED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:2.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFBC2FE5-2367-4F08-B939-9F3F96356BC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:2.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE467C51-6B92-4291-BF49-14422E5FE719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "40483FCD-0111-4950-8CAA-BE55DC3161D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "097E2EC7-83DB-47B1-BA69-0234FB2EC9B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F87D07A-769A-4D5F-8EAB-3A2FF877DD06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1329DB51-5871-4B3C-800D-EA0B99655862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "440A634D-31F4-4B1A-8CAC-42368CBED0E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B010EF-AA23-4297-B523-A6909E689D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ABD7295-9DB0-418E-ACCB-8623AA44AD39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:4.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "155FCE9D-EA9C-48FF-9A07-49DD2232D2EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:4.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF2984F-1130-42A3-89F4-AB1CB1E5A4BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:4.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "81332CD2-A180-4D79-BA79-6B5FD560CC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "06DAC70D-AA7E-4F18-82CD-8EB93C64B1B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37736C6-D729-41AC-BABD-2FBAC371E777",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6E87011-C9AA-4D52-A8F1-E3172B635929",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2AB91D-0EFB-4E20-978D-D38168F4BFBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EBA8A91-2C2D-4C50-AFD1-898C9C79C5F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "32212E07-9A0F-4E03-A83F-82D11BA0A256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C1CC7B-B4F9-4F15-8EAC-033119C5DA37",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name."
    },
    {
      "lang": "es",
      "value": "Ipswitch WS_FTP Server Manager anterior a la version 6.1.1, y posiblemente otros productos de Ipswitch, permite a atacantes remotos eludir la autenticaci\u00f3n y leer los logs a trav\u00e9s de una acci\u00f3n logLogout a FTPLogServer/login.asp seguido por una solicitud de FTPLogServer/LogViewer.asp con el nombre de cuenta localhostnull."
    }
  ],
  "id": "CVE-2008-5692",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-12-19T18:30:00.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28822"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4799"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27654"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27654"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0473"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-200812-0134

Vulnerability from variot - Updated: 2023-12-18 13:15

Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name. WS_FTP Server Manager is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. An attacker can exploit these issues to gain unauthorized access to the affected application and gain access to potentially sensitive information. These issues affect WS_FTP Server Manager 6.1.0.0; prior versions may also be affected. Ipswitch WS_FTP Server is a highly secure and easy-to-manage file transfer server.

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

Download and test it today: https://psi.secunia.com/

Read more about this new version: https://psi.secunia.com/?page=changelog

TITLE: IPSwitch WS_FTP Server Manager Security Bypass

SECUNIA ADVISORY ID: SA28822

VERIFY ADVISORY: http://secunia.com/advisories/28822/

CRITICAL: Moderately critical

IMPACT: Security Bypass, Exposure of sensitive information

WHERE:

From remote

SOFTWARE: WS_FTP Server 6.x http://secunia.com/product/14782/

DESCRIPTION: Luigi Auriemma has discovered a security issue in IPSwitch WS_FTP Server, which can be exploited by malicious people to bypass certain access restrictions and disclose sensitive information.

The security issue is caused due to an error within the WS_FTP Server Manager when processing HTTP requests for the FTPLogServer/LogViewer.asp script. This can be exploited to gain access to the log viewing interface by e.g. logging out and directly accessing the FTPLogServer/LogViewer.asp script.

SOLUTION: Restrict access to trusted users only.

PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma

ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/wsftpweblog-adv.txt

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200812-0134",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "3.0.1"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "6.0"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "3.1.3"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "3.14"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "3.1.1"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "3.0"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "2.01"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "3.1.2"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "2.03"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "5.01"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "5.02"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "4.00"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "4.01"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "5.05"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "3.1.0"
      },
      {
        "model": "ws ftp",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "6.1"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "2.02"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "5.00"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "5.03"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "1.0.5"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "5.04"
      },
      {
        "model": "ws ftp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "4.02"
      },
      {
        "model": "ws ftp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ipswitch",
        "version": "server manager 6.1.1"
      },
      {
        "model": "ws ftp server manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "6.1.0.0"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "6.1.0"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "6.0"
      },
      {
        "model": "ws ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "6.1.1"
      },
      {
        "model": "ws ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "27654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005194"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5692"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-405"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:4.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:4.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:5.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:4.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:5.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:2.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:5.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:5.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:2.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:3.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:5.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:5.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:2.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-5692"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Luigi Auriemma is credited with the discovery of these vulnerabilities.",
    "sources": [
      {
        "db": "BID",
        "id": "27654"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2008-5692",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2008-5692",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-35817",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-5692",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200812-405",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-35817",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-35817"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005194"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5692"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-405"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name. WS_FTP Server Manager is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. \nAn attacker can exploit these issues to gain unauthorized access to the affected application and gain access to potentially sensitive information. \nThese issues affect WS_FTP Server Manager 6.1.0.0; prior versions may also be affected. Ipswitch WS_FTP Server is a highly secure and easy-to-manage file transfer server. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nIPSwitch WS_FTP Server Manager Security Bypass\n\nSECUNIA ADVISORY ID:\nSA28822\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28822/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass, Exposure of sensitive information\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nWS_FTP Server 6.x\nhttp://secunia.com/product/14782/\n\nDESCRIPTION:\nLuigi Auriemma has discovered a security issue in IPSwitch WS_FTP\nServer, which can be exploited by malicious people to bypass certain\naccess restrictions and disclose sensitive information. \n\nThe security issue is caused due to an error within the WS_FTP Server\nManager when processing HTTP requests for the\nFTPLogServer/LogViewer.asp script. This can be exploited to gain\naccess to the log viewing interface by e.g. logging out and directly\naccessing the FTPLogServer/LogViewer.asp script. \n\nSOLUTION:\nRestrict access to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\nLuigi Auriemma\n\nORIGINAL ADVISORY:\nhttp://aluigi.altervista.org/adv/wsftpweblog-adv.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-5692"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005194"
      },
      {
        "db": "BID",
        "id": "27654"
      },
      {
        "db": "VULHUB",
        "id": "VHN-35817"
      },
      {
        "db": "PACKETSTORM",
        "id": "63375"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-35817",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-35817"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-5692",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "27654",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "28822",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0473",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "4799",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005194",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20080206 RE: LOGS VISUALIZATION IN WS_FTP SERVER MANAGER 6.1.0.0",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080206 LOGS VISUALIZATION IN WS_FTP SERVER MANAGER 6.1.0.0",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-405",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-84469",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "31117",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-35817",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "63375",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-35817"
      },
      {
        "db": "BID",
        "id": "27654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005194"
      },
      {
        "db": "PACKETSTORM",
        "id": "63375"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5692"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-405"
      }
    ]
  },
  "id": "VAR-200812-0134",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-35817"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:15:29.729000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Fixed in 6.1.1",
        "trust": 0.8,
        "url": "http://docs.ipswitch.com/ws_ftp_server611/releasenotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005194"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-35817"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005194"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5692"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/27654"
      },
      {
        "trust": 1.7,
        "url": "http://docs.ipswitch.com/ws_ftp_server611/releasenotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/28822"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/4799"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/0473"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5692"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-5692"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/487697/100/200/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/487686/100/200/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/0473"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipswitch.com/products/ws_ftp/home/index.asp"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/487682"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipswitchft.com/support/ws_ftp_server/releases/wr611.asp"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14782/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28822/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-35817"
      },
      {
        "db": "BID",
        "id": "27654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005194"
      },
      {
        "db": "PACKETSTORM",
        "id": "63375"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5692"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-405"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-35817"
      },
      {
        "db": "BID",
        "id": "27654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005194"
      },
      {
        "db": "PACKETSTORM",
        "id": "63375"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5692"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-405"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-12-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-35817"
      },
      {
        "date": "2008-02-06T00:00:00",
        "db": "BID",
        "id": "27654"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-005194"
      },
      {
        "date": "2008-02-08T01:19:15",
        "db": "PACKETSTORM",
        "id": "63375"
      },
      {
        "date": "2008-12-19T18:30:00.407000",
        "db": "NVD",
        "id": "CVE-2008-5692"
      },
      {
        "date": "2008-12-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200812-405"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-35817"
      },
      {
        "date": "2016-07-06T14:17:00",
        "db": "BID",
        "id": "27654"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-005194"
      },
      {
        "date": "2018-10-11T20:56:28.617000",
        "db": "NVD",
        "id": "CVE-2008-5692"
      },
      {
        "date": "2009-01-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200812-405"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-405"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ipswitch WS_FTP Server Manager Vulnerable to read logs",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005194"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-405"
      }
    ],
    "trust": 0.6
  }
}

GHSA-QGJR-23FM-J744

Vulnerability from github – Published: 2022-05-14 02:39 – Updated: 2022-05-14 02:39

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-5692"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-12-19T18:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.",
  "id": "GHSA-qgjr-23fm-j744",
  "modified": "2022-05-14T02:39:23Z",
  "published": "2022-05-14T02:39:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5692"
    },
    {
      "type": "WEB",
      "url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
    },
    {
      "type": "WEB",
      "url": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28822"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/4799"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27654"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0473"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-5692

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-5692

Aliases

CVE-2008-5692

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-5692",
    "description": "Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.",
    "id": "GSD-2008-5692"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-5692"
      ],
      "details": "Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.",
      "id": "GSD-2008-5692",
      "modified": "2023-12-13T01:23:04.532884Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-5692",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "4799",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/4799"
          },
          {
            "name": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12",
            "refsource": "CONFIRM",
            "url": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12"
          },
          {
            "name": "ADV-2008-0473",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0473"
          },
          {
            "name": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt",
            "refsource": "MISC",
            "url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
          },
          {
            "name": "27654",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27654"
          },
          {
            "name": "20080206 Re: Logs visualization in WS_FTP Server Manager 6.1.0.0",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
          },
          {
            "name": "20080206 Logs visualization in WS_FTP Server Manager 6.1.0.0",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
          },
          {
            "name": "28822",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28822"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:4.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:4.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:5.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:4.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:5.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:2.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:5.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:5.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:2.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:3.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:5.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:5.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp:2.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5692"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28822",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28822"
            },
            {
              "name": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://aluigi.altervista.org/adv/wsftpweblog-adv.txt"
            },
            {
              "name": "27654",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/27654"
            },
            {
              "name": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12"
            },
            {
              "name": "4799",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/4799"
            },
            {
              "name": "ADV-2008-0473",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0473"
            },
            {
              "name": "20080206 Re: Logs visualization in WS_FTP Server Manager 6.1.0.0",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/487697/100/200/threaded"
            },
            {
              "name": "20080206 Logs visualization in WS_FTP Server Manager 6.1.0.0",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/487686/100/200/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-11T20:56Z",
      "publishedDate": "2008-12-19T18:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-5692 (GCVE-0-2008-5692)

FKIE_CVE-2008-5692

VAR-200812-0134

GHSA-QGJR-23FM-J744

GSD-2008-5692

Tags

Sightings

Nomenclature