cbcvebase.
CVE-2001-0680
published 2001-09-20

CVE-2001-0680: Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot…

PriorityP423medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
6.00%
92.4th percentile
Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command.

Affected

3 ranges
VendorProductVersion rangeFixed in
qpc_softwareavt_term
qpc_softwareqvt_net
qpc_softwareqvt_net

Detection & IOCsextracted from sources · hover to see the quote

commandLIST .. ..
snort
alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP LIST directory traversal attempt"; flow:established,to_server; content:"LIST"; nocase; content:".."; distance:1; content:".."; distance:1; reference:cve,2002-1054; reference:bugtraq,2618; reference:nessus,11112; reference:cve,2001-0680; classtype:protocol-command-decode; sid:2101992; rev:12; metadata:created_at 2010_09_23, cve CVE_2001_0680, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)
  • Detect FTP LIST commands containing '..' sequences (dot-dot directory traversal) sent from external hosts to FTP servers. The Snort rule (sid:2101992) matches on an established FTP control connection where 'LIST' is followed by at least two '..' tokens.
  • The vulnerability is exploited via a 'dot dot' attack in a LIST (ls) FTP command, enabling directory traversal on the server. Monitor FTP control channel traffic for LIST commands with path components containing '..'.
  • ·The Snort rule (sid:2101992) cross-references CVE-2002-1054 and BugTraq 2618 in addition to CVE-2001-0680, indicating it is a broader signature covering multiple related FTP LIST traversal vulnerabilities and not exclusively scoped to QPC QVT/Net 4.0 and AVT/Term 5.0.
  • ·The affected products are specifically QPC QVT/Net 4.0 and AVT/Term 5.0 FTP daemons. Deployments not running these versions may still benefit from the generic traversal detection rule but should scope tuning accordingly.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.