CVE-2001-1335
Published 2001-05-27
Priority P4 · 26 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 8.19% (94.2th percentile)
Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aclogic | cesarftp | — | — |
No detection rules found.
No writeups or analysis indexed.
CAPEC-72: URL Encoding [HIGH] (mitre_capec)
This attack targets the encoding of the URL. An adversary can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL.
Execution Flow:
Step 1 [Explore]: [Survey web application for URLs with parameters] Using a browser, an automated tool or by inspecting the application, an adversary records all URLs that contain parameters.
Technique: Use a spidering tool to follow and record all links and analyze the web pages to find entry points. Make special note of any links that include parameters in the URL.
Step 2 [Experiment]: [Probe URLs to locate vulnerabilities] The adversary uses the URLs gathered in the "Explore" phase as a target list and tests parameters with different encodings of special characters to see how the web applicat
CAPEC-64: Using Slashes and URL Encoding Combined to Bypass Validation Logic [HIGH] (mitre_capec)
This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special characters that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance, the US-ASCII space character would be represented with %20. This is often referred to as escaped encoding or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the
References
http://archives.neohapsis.com/archives/bugtraq/2001-05/0252.html
http://www.iss.net/security_center/static/6606.php
http://www.securityfocus.com/bid/2786