CVE-2005-0372
published 2005-05-02CVE-2005-0372: Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in…
PriorityP427medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
3.65%
88.2th percentile
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gftp | < gftp 2.0.18-1 (bookworm) | gftp 2.0.18-1 (bookworm) |
| gnome | gtk | < 2.0.18 | 2.0.18 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q4r9-w6v3-92hp: Directory traversal vulnerability in gftp before 2
ghsa_unreviewed·2022-05-01
CVE-2005-0372 [MEDIUM] CWE-22 GHSA-q4r9-w6v3-92hp: Directory traversal vulnerability in gftp before 2
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
OSV
CVE-2005-0372: Directory traversal vulnerability in gftp before 2
osv·2005-05-02·CVSS 5.0
CVE-2005-0372 [MEDIUM] CVE-2005-0372: Directory traversal vulnerability in gftp before 2
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
Red Hat
security flaw
vendor_redhat·2005-02-14·CVSS 5.0
CVE-2005-0372 [MEDIUM] security flaw
security flaw
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
Debian
CVE-2005-0372: gftp - Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote m...
vendor_debian·2005·CVSS 5.0
CVE-2005-0372 [MEDIUM] CVE-2005-0372: gftp - Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote m...
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
Scope: local
bookworm: resolved (fixed in 2.0.18-1)
bullseye: resolved (fixed in 2.0.18-1)
forky: resolved (fixed in 2.0.18-1)
sid: resolved (fixed in 2.0.18-1)
trixie: resolved (fixed in 2.0.18-1)
No detection rules found.
No public exploits indexed.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000957http://www.debian.org/security/2005/dsa-686http://www.gentoo.org/security/en/glsa/glsa-200502-27.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:050http://www.redhat.com/support/errata/RHSA-2005-410.htmlhttp://www.securityfocus.com/advisories/8379http://www.securityfocus.com/advisories/8380http://www.securityfocus.com/bid/12539https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A717https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9923http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000957http://www.debian.org/security/2005/dsa-686http://www.gentoo.org/security/en/glsa/glsa-200502-27.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:050http://www.redhat.com/support/errata/RHSA-2005-410.htmlhttp://www.securityfocus.com/advisories/8379http://www.securityfocus.com/advisories/8380http://www.securityfocus.com/bid/12539https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A717https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9923
2005-05-02
Published