Vulnerability-Lookup

FKIE_CVE-2005-0483

Vulnerability from fkie_nvd - Published: 2005-03-30 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. (dot dot) sequences and globbing ("*") characters in a SITE NFO command.

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/archive/1/390924	Exploit, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/12586	Exploit, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/19401
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/390924	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/12586	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/19401

Impacted products

Vendor	Product	Version
glftpd	glftpd	1.26
glftpd	glftpd	1.27
glftpd	glftpd	1.28
glftpd	glftpd	1.29.1
glftpd	glftpd	1.31
glftpd	glftpd	1.32
glftpd	glftpd	2.0
glftpd	glftpd	2.0_rc1
glftpd	glftpd	2.0_rc2
glftpd	glftpd	2.0_rc3
glftpd	glftpd	2.0_rc4
glftpd	glftpd	2.0_rc5
glftpd	glftpd	2.0_rc6
glftpd	glftpd	2.0_rc7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:glftpd:glftpd:1.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "648069B8-DCAD-4E41-8721-64ED93CF5D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glftpd:glftpd:1.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BC92E29-F4C6-4529-B691-1B3C9621BECB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glftpd:glftpd:1.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA83D5D1-47A5-4173-9C03-3BBECB446CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glftpd:glftpd:1.29.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6AE9464-A3D2-4CAE-90F2-E241FEE8D75F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glftpd:glftpd:1.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CA4FD5-451F-4657-B494-F48DA6D933E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glftpd:glftpd:1.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C626C28-742B-4F6D-94E0-56B445260522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glftpd:glftpd:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5F0131D-0E50-433A-ABEB-3B0062BFDC9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glftpd:glftpd:2.0_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11FFFE55-070E-45B1-889D-0F81EAA1E213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glftpd:glftpd:2.0_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2931F258-AECE-4181-905A-D8801E12721B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glftpd:glftpd:2.0_rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D773FC-D4D3-495D-BDE0-155B896D1B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glftpd:glftpd:2.0_rc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0D405B1-8AF9-46A5-AFB0-628F067D8D73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glftpd:glftpd:2.0_rc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAED5165-E96B-45BD-9C93-A365C6569E13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glftpd:glftpd:2.0_rc6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8215195F-1FE1-4F3C-A067-E69F177E58B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glftpd:glftpd:2.0_rc7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B05E032C-B32F-4AD6-B226-9E49CCD5D44F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. (dot dot) sequences and globbing (\"*\") characters in a SITE NFO command."
    },
    {
      "lang": "es",
      "value": "M\u00faltiple atravesamiento de directorios en sitenfo.sh,  sitezipchk.sh y siteziplist.sh en Glftpd de la versi\u00f3n 1.26 a la 2.00 permite a usuarios autenticados remotamente:\r\n\r\ndeterminar la existencia de ficheros arbitrarios,\r\nlistar los ficheros incluidos en directorios restringidos,\r\nleer ficheros arbitrarios de archivos ZIP o gzip, mediante; secuencias .. (punto punto) y caracteres (\"\"*\"\") en el comando SITE NFO."
    }
  ],
  "id": "CVE-2005-0483",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-03-30T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/390924"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/12586"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/390924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/12586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19401"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2005-0483 (GCVE-0-2005-0483)

Vulnerability from cvelistv5 – Published: 2005-02-19 05:00 – Updated: 2024-08-07 21:13

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/390924	mailing-listx_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/12586	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:13:54.238Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20050218 Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/390924"
          },
          {
            "name": "glftpd-sitenfosh-directory-traversal(19401)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19401"
          },
          {
            "name": "12586",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/12586"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-02-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. (dot dot) sequences and globbing (\"*\") characters in a SITE NFO command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20050218 Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/390924"
        },
        {
          "name": "glftpd-sitenfosh-directory-traversal(19401)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19401"
        },
        {
          "name": "12586",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/12586"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0483",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. (dot dot) sequences and globbing (\"*\") characters in a SITE NFO command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20050218 Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/390924"
            },
            {
              "name": "glftpd-sitenfosh-directory-traversal(19401)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19401"
            },
            {
              "name": "12586",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/12586"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0483",
    "datePublished": "2005-02-19T05:00:00",
    "dateReserved": "2005-02-19T00:00:00",
    "dateUpdated": "2024-08-07T21:13:54.238Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2005-0483

CVE-2005-0483 (GCVE-0-2005-0483)

Tags

Sightings

Nomenclature