Ipswitch WS_FTP Server Manager prior to 6.1.1, and possibly other Ipswitch products, allows remote malicious users to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ipswitch ws ftp 4.02 |
||
ipswitch ws ftp 4.01 |
||
ipswitch ws ftp 3.1.1 |
||
ipswitch ws ftp 3.1.2 |
||
ipswitch ws ftp |
||
ipswitch ws ftp 5.05 |
||
ipswitch ws ftp 1.0.5 |
||
ipswitch ws ftp 4.00 |
||
ipswitch ws ftp 3.1.3 |
||
ipswitch ws ftp 5.01 |
||
ipswitch ws ftp 2.02 |
||
ipswitch ws ftp 5.02 |
||
ipswitch ws ftp 3.1.0 |
||
ipswitch ws ftp 5.00 |
||
ipswitch ws ftp 3.0 |
||
ipswitch ws ftp 2.03 |
||
ipswitch ws ftp 3.14 |
||
ipswitch ws ftp 5.03 |
||
ipswitch ws ftp 5.04 |
||
ipswitch ws ftp 6.0 |
||
ipswitch ws ftp 3.0.1 |
||
ipswitch ws ftp 2.01 |