Sign-up

ID

VAR-200408-0219


CVE

CVE-2004-1643


TITLE

Progress Software Ipswitch WS_FTP Server Security hole

Trust: 0.6

sources: CNNVD: CNNVD-200408-226

DESCRIPTION

WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence. WS_FTP Server is reported prone to a remote denial of service vulnerability. This issue presents itself when the application processes a malformed file path through the 'cd' command. WS_FTP Server version 5.0.2 is reported prone to this issue, however, other versions may be affected as well. Progress Software Ipswitch WS_FTP Server is a set of FTP server software developed by Progress Software Company in the United States. It provides functions such as file transfer control and transfer encryption. There is a security vulnerability in Progress Software Ipswitch WS_FTP Server version 5.0.2

Trust: 1.26

sources: NVD: CVE-2004-1643 // BID: 11065 // VULHUB: VHN-10073

AFFECTED PRODUCTS

vendor:progressmodel:ws ftp serverscope:eqversion:5.0.2

Trust: 1.0

vendor:ipswitchmodel:ws ftp serverscope:eqversion:5.0.2

Trust: 0.9

vendor:ipswitchmodel:ws ftp serverscope:eqversion:5.0.3

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:5.04

Trust: 0.3

vendor:ipswitchmodel:ws ftp server hotfixscope:neversion:5.041

Trust: 0.3

sources: BID: 11065 // CNNVD: CNNVD-200408-226 // NVD: CVE-2004-1643

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-1643
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200408-226
value: MEDIUM

Trust: 0.6

VULHUB: VHN-10073
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-1643
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-10073
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-10073 // CNNVD: CNNVD-200408-226 // NVD: CVE-2004-1643

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1643

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200408-226

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200408-226

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-10073

EXTERNAL IDS
db:BIDid:11065
Trust: 2.0
db:NVDid:CVE-2004-1643
Trust: 1.7
db:SECUNIAid:12406
Trust: 1.7
db:CNNVDid:CNNVD-200408-226
Trust: 0.7
db:EXPLOIT-DBid:24416
Trust: 0.1
db:SEEBUGid:SSVID-78148
Trust: 0.1
db:VULHUBid:VHN-10073
Trust: 0.1
sources:
            
            
            VULHUB: VHN-10073 // 
            
            
            
            BID: 11065 // 
            
            
            
            CNNVD: CNNVD-200408-226 // 
            
            
            
            NVD: CVE-2004-1643

REFERENCES
url:http://www.securityfocus.com/bid/11065
Trust: 1.7
url:http://secunia.com/advisories/12406
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/17155
Trust: 1.7
url:http://marc.info/?l=bugtraq&m=109389890712888&w=2
Trust: 1.6
url:http://www.ipswitch.com/support/ws_ftp-server/index.asp
Trust: 0.3
url:/archive/1/373420
Trust: 0.3
url:http://marc.info/?l=bugtraq&m=109389890712888&w=2
Trust: 0.1
sources:
            
            
            VULHUB: VHN-10073 // 
            
            
            
            BID: 11065 // 
            
            
            
            CNNVD: CNNVD-200408-226 // 
            
            
            
            NVD: CVE-2004-1643

CREDITS
This issue was disclosed by lion <lion@cnhonker.net>.
Trust: 0.9
sources:
            
            
            BID: 11065 // 
            
            
            
            CNNVD: CNNVD-200408-226

SOURCES
db:VULHUBid:VHN-10073
db:BIDid:11065
db:CNNVDid:CNNVD-200408-226
db:NVDid:CVE-2004-1643

LAST UPDATE DATE
2024-08-14T14:08:58.797000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-10073date:2019-08-13T00:00:00
db:BIDid:11065date:2004-08-30T00:00:00
db:CNNVDid:CNNVD-200408-226date:2020-05-11T00:00:00
db:NVDid:CVE-2004-1643date:2023-10-11T14:45:44.747

SOURCES RELEASE DATE
db:VULHUBid:VHN-10073date:2004-08-29T00:00:00
db:BIDid:11065date:2004-08-30T00:00:00
db:CNNVDid:CNNVD-200408-226date:2004-08-29T00:00:00
db:NVDid:CVE-2004-1643date:2004-08-29T04:00:00