admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-96xx/CVE-2019-9649.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

139 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-9649",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-03-22T20:29:00.557",
"lastModified": "2019-08-26T07:15:10.883",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\\..\\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en el componente SFTP Server en Core FTP 2.0 Build 674. Mediante el uso del comando MDTM FTP, un atacante remoto puede emplear una t\u00e9cnica de salto de directorio (..\\..\\) para navegar fuera del directorio root para determinar la existencia de un archivo en el sistema operativo, as\u00ed como su fecha de \u00faltima modificaci\u00f3n."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coreftp:core_ftp:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "097B61FD-F685-47C0-9427-AA54DC97EAF1"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/154205/CoreFTP-Server-MDTM-Directory-Traversal.html",
"source": "cve@mitre.org"
},
{
"url": "http://seclists.org/fulldisclosure/2019/Aug/22",
"source": "cve@mitre.org"
},
{
"url": "http://www.coreftp.com/forums/viewtopic.php?f=15&t=4022509",
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/107449",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://seclists.org/fulldisclosure/2019/Mar/25",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.exploit-db.com/exploits/46534",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink