nvd-json-data-feeds/CVE-2009/CVE-2009-40xx/CVE-2009-4053.json

{
  "id": "CVE-2009-4053",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2009-11-23T17:30:00.767",
  "lastModified": "2024-01-26T17:54:29.443",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de salto de directorio en Home FTP Server v1.10.1.139 permiten a usuarios autenticados remtos (1) crear directorios de su elecci\u00f3n a trav\u00e9s de secuencias de salto de directorio en un comando MKD o (2) crear ficheros con cualquier contenido en directorios de su elecci\u00f3n a trav\u00e9s de secuencias de salto de directorio en una petici\u00f3n de subida de fichero.  NOTA: el origen de esta informaci\u00f3n es desconocido; los detalles han sido obtenidos \u00fanicamente de informaci\u00f3n de terceras partes."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:home_ftp_server_project:home_ftp_server:1.10.1.139:*:*:*:*:*:*:*",
              "matchCriteriaId": "2377037F-B08A-4896-9466-666F2D65E337"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://secunia.com/advisories/37381",
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54303",
      "source": "nvd@nist.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    }
  ]
}