VAR-201906-1192
Vulnerability from variot - Updated: 2023-12-18 13:13A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a ....\ technique, arbitrary files can be loaded in the server response outside the root directory. TitanFTPServer is an FTP file transfer server. A directory traversal vulnerability exists in the TitanFTPServer2019build3505 release. An attacker could exploit this vulnerability to load arbitrary files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-1192",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "titan ftp server",
"scope": "eq",
"trust": 1.0,
"vendor": "southrivertech",
"version": "2019"
},
{
"model": "titan ftp server",
"scope": "eq",
"trust": 0.8,
"vendor": "south river",
"version": "2019 build 3505"
},
{
"model": "ftp server titan ftp server build",
"scope": "eq",
"trust": 0.6,
"vendor": "titan",
"version": "20193505"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14425"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005007"
},
{
"db": "NVD",
"id": "CVE-2019-10009"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:southrivertech:titan_ftp_server:2019:3505:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10009"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kevin Randall",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1047"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10009",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-10009",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-14425",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10009",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10009",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-14425",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-1047",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14425"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005007"
},
{
"db": "NVD",
"id": "CVE-2019-10009"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1047"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \\..\\..\\ technique, arbitrary files can be loaded in the server response outside the root directory. TitanFTPServer is an FTP file transfer server. A directory traversal vulnerability exists in the TitanFTPServer2019build3505 release. An attacker could exploit this vulnerability to load arbitrary files",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10009"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005007"
},
{
"db": "CNVD",
"id": "CNVD-2019-14425"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10009",
"trust": 3.0
},
{
"db": "PACKETSTORM",
"id": "152244",
"trust": 2.4
},
{
"db": "EXPLOIT-DB",
"id": "46611",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005007",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-14425",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1047",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14425"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005007"
},
{
"db": "NVD",
"id": "CVE-2019-10009"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1047"
}
]
},
"id": "VAR-201906-1192",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14425"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14425"
}
]
},
"last_update_date": "2023-12-18T13:13:23.132000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://titanftp.com/"
},
{
"title": "TitanFTPServer path traversal vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/161313"
},
{
"title": "Titan FTP Server Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90467"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14425"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005007"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1047"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005007"
},
{
"db": "NVD",
"id": "CVE-2019-10009"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://seclists.org/fulldisclosure/2019/mar/47"
},
{
"trust": 3.0,
"url": "http://packetstormsecurity.com/files/152244/titan-ftp-server-2019-build-3505-directory-traversal.html"
},
{
"trust": 2.8,
"url": "https://www.exploit-db.com/exploits/46611"
},
{
"trust": 1.6,
"url": "http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html"
},
{
"trust": 1.6,
"url": "https://www.exploit-db.com/exploits/46611/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10009"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10009"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14425"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005007"
},
{
"db": "NVD",
"id": "CVE-2019-10009"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1047"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-14425"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005007"
},
{
"db": "NVD",
"id": "CVE-2019-10009"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1047"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14425"
},
{
"date": "2019-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005007"
},
{
"date": "2019-06-03T21:29:00.350000",
"db": "NVD",
"id": "CVE-2019-10009"
},
{
"date": "2019-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1047"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14425"
},
{
"date": "2019-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005007"
},
{
"date": "2019-06-06T20:29:02.307000",
"db": "NVD",
"id": "CVE-2019-10009"
},
{
"date": "2019-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-1047"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1047"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Titan FTP Server Path Traversal Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14425"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005007"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-1047"
}
],
"trust": 2.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-1047"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…