CVE-2001-0680
published 2001-09-20CVE-2001-0680: Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot…
PriorityP423medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
6.00%
92.4th percentile
Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qpc_software | avt_term | — | — |
| qpc_software | qvt_net | — | — |
| qpc_software | qvt_net | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commandLIST .. ..
snort
alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP LIST directory traversal attempt"; flow:established,to_server; content:"LIST"; nocase; content:".."; distance:1; content:".."; distance:1; reference:cve,2002-1054; reference:bugtraq,2618; reference:nessus,11112; reference:cve,2001-0680; classtype:protocol-command-decode; sid:2101992; rev:12; metadata:created_at 2010_09_23, cve CVE_2001_0680, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)
- →Detect FTP LIST commands containing '..' sequences (dot-dot directory traversal) sent from external hosts to FTP servers. The Snort rule (sid:2101992) matches on an established FTP control connection where 'LIST' is followed by at least two '..' tokens.
- →The vulnerability is exploited via a 'dot dot' attack in a LIST (ls) FTP command, enabling directory traversal on the server. Monitor FTP control channel traffic for LIST commands with path components containing '..'. ↗
- ·The Snort rule (sid:2101992) cross-references CVE-2002-1054 and BugTraq 2618 in addition to CVE-2001-0680, indicating it is a broader signature covering multiple related FTP LIST traversal vulnerabilities and not exclusively scoped to QPC QVT/Net 4.0 and AVT/Term 5.0.
- ·The affected products are specifically QPC QVT/Net 4.0 and AVT/Term 5.0 FTP daemons. Deployments not running these versions may still benefit from the generic traversal detection rule but should scope tuning accordingly. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
GPL FTP LIST directory traversal attempt
suricata·2010-09-23
CVE-2002-1054 GPL FTP LIST directory traversal attempt
GPL FTP LIST directory traversal attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP LIST directory traversal attempt"; flow:established,to_server; content:"LIST"; nocase; content:".."; distance:1; content:".."; distance:1; reference:cve,2002-1054; reference:bugtraq,2618; reference:nessus,11112; reference:cve,2001-0680; classtype:protocol-command-decode; sid:2101992; rev:12; metadata:created_at 2010_09_23, cve CVE_2001_0680, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)
No public exploits indexed.
Tenable
Verizon 2016 DBIR – Most Interesting Things
blogs_tenable·2016-05-18
Verizon 2016 DBIR – Most Interesting Things
by Andrew Freeborn May 18, 2016
The Verizon Data Breach Investigation Report (DBIR), first published in 2008, is an annual publication that analyzes information security incidents from public and private organizations, with a focus on data breaches. Data breaches continue to have a major financial impact on organizations, as well as an impact on their reputations. Tenable Network Security offers dashboards and Assurance Report Cards (ARCs) that organizations can use to check themselves against the common threats described in the Verizon DBIR. As in previous years, the 2016 DBIR notes that a vast majority of all attacks fall into a few basic patterns. Throughout this and past years’ reports, suggestions are given for monitoring the network for each of these patterns. This dashboard can ass
Tenable
Verizon 2016 DBIR – Most Common Vulnerabilities
blogs_tenable·2016-05-18
Verizon 2016 DBIR – Most Common Vulnerabilities
by Andrew Freeborn May 18, 2016
The Verizon Data Breach Investigation Report (DBIR), first published in 2008, is an annual publication that analyzes information security incidents from public and private organizations, with a focus on data breaches. Data breaches continue to have a major financial impact on organizations, as well as an impact on their reputations. Tenable Network Security offers dashboards and Assurance Report Cards (ARCs) that can assist organizations in meeting many of the recommendations and best practices in the DBIR. As in previous years, the 2016 DBIR notes that a vast majority of all attacks fall into a few basic patterns. Throughout this and past years’ reports, suggestions are given for monitoring the network for each of these patterns. This ARC can assist an org
http://online.securityfocus.com/archive/1/216555http://www.osvdb.org/1794http://www.osvdb.org/4050http://www.securityfocus.com/archive/1/176712http://www.securityfocus.com/bid/2618https://exchange.xforce.ibmcloud.com/vulnerabilities/6375http://online.securityfocus.com/archive/1/216555http://www.osvdb.org/1794http://www.osvdb.org/4050http://www.securityfocus.com/archive/1/176712http://www.securityfocus.com/bid/2618https://exchange.xforce.ibmcloud.com/vulnerabilities/6375
2001-09-20
Published