Published: 19/12/2008 Updated: 11/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Ipswitch WS_FTP Server Manager prior to 6.1.1, and possibly other Ipswitch products, allows remote malicious users to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ipswitch ws ftp 4.02
ipswitch ws ftp 4.01
ipswitch ws ftp 3.1.1
ipswitch ws ftp 3.1.2
ipswitch ws ftp
ipswitch ws ftp 5.05
ipswitch ws ftp 1.0.5
ipswitch ws ftp 4.00
ipswitch ws ftp 3.1.3
ipswitch ws ftp 5.01
ipswitch ws ftp 2.02
ipswitch ws ftp 5.02
ipswitch ws ftp 3.1.0
ipswitch ws ftp 5.00
ipswitch ws ftp 3.0
ipswitch ws ftp 2.03
ipswitch ws ftp 3.14
ipswitch ws ftp 5.03
ipswitch ws ftp 5.04
ipswitch ws ftp 6.0
ipswitch ws ftp 3.0.1
ipswitch ws ftp 2.01

source: wwwsecurityfocuscom/bid/27654/info WS_FTP Server Manager is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability An attacker can exploit these issues to gain unauthorized access to the affected application and gain access to potentially sensitive information These issues affect WS_FTP Ser ...

CWE-287 http://secunia.com/advisories/28822 http://aluigi.altervista.org/adv/wsftpweblog-adv.txt http://www.securityfocus.com/bid/27654 http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12 http://securityreason.com/securityalert/4799 http://www.vupen.com/english/advisories/2008/0473 http://www.securityfocus.com/archive/1/487697/100/200/threaded http://www.securityfocus.com/archive/1/487686/100/200/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/31117/

CVE-2008-5692

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect