CVE-2001-0255
published 2001-06-02CVE-2001-0255: FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary directories by using the "ls" command and including the drive letter name (e.g. C:) in the…
PriorityP426medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
7.49%
93.7th percentile
FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary directories by using the "ls" command and including the drive letter name (e.g. C:) in the requested pathname.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fastream | fastream_ftp_+_+_server | — | — |
| fastream | fastream_ftp_server | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
CWE
Absolute Path Traversal
mitre_cwe
CWE-36 Absolute Path Traversal
CWE-36: Absolute Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity, Confidentiality, Availability. Impact: Execute Unauthorized Code or Commands. The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.
Scope: Integrity. Impact: Modify Files or Directories. The attacker may be able to overwrite or create
CWE
Path Traversal: 'C:dirname'
mitre_cwe
CWE-39 Path Traversal: 'C:dirname'
CWE-39: Path Traversal: 'C:dirname'
The product accepts input that contains a drive letter or Windows volume letter ('C:dirname') that potentially redirects access to an unintended location or arbitrary file.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity, Confidentiality, Availability. Impact: Execute Unauthorized Code or Commands. The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.
Scope: Integrity. Impact: Modify Files or Directories. The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending
2001-06-02
Published