CVE-2014-1843
Published 2014-04-29
Priority: P3 · 36 · medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
EXPLOIT
EPSS: 4.67% (90.6th percentile)
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| southrivertech | titan_ftp_server | <= 10.40 | — |
| southrivertech | titan_ftp_server | — | — |
| southrivertech | titan_ftp_server | — | — |
| southrivertech | titan_ftp_server | — | — |
CVSS provenance
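| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 5.0 | MEDIUM | — |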
GHSA
GHSA-3v2q-6r8m-3j96: Directory traversal vulnerability in the web interface in Titan FTP Server before 10
ghsa_unreviewed·2022-05-17
CVE-2014-1843 [MEDIUM] CWE-22 GHSA-3v2q-6r8m-3j96: Directory traversal vulnerability in the web interface in Titan FTP Server before 10
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.
Red Hat
docker: regression of CVE-2014-5277
vendor_redhat·2015-03-27·CVSS 5.0
CVE-2015-1843 [MEDIUM] CWE-300 docker: regression of CVE-2014-5277
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression.
It was found that the fix for the CVE-2014-5277 issue was incomplete: the docker client could under certain circumstances erroneously fall back to HTTP when an HTTPS connection to a registry failed. This could allow a man-in-the-middle attacker to obtain authentication and image data from traffic sent from a client to the registry.
No detection rules found.
Exploit-DB
Titan FTP Server 10.32 Build 1816 - Directory Traversal
exploitdb·2014-02-11·CVSS 5.0
CVE-2014-1843 [MEDIUM] Titan FTP Server 10.32 Build 1816 - Directory Traversal
---
"Titan FTP Server Directory Traversal Vulnerabilities"
- Affected Vendor: South River Technologies
- Affected System: Titan FTP Server software (Version 10.32 Build 1816)
- Vendor Disclosure Date: January 27th, 2014
- Public Disclosure Date: February 10th, 2014
- Vulnerabilities' Status: Fixed
Associated CVEs:
1) CVE-2014-1841:
It is possible to copy the complete home folder of another user by leveraging a vulnerability on the Titan FTP Server Web Interface.
2) CVE-2014-1842:
It is possible to obtain the complete list of existing users by writing "/../" on the search bar.
3) CVE-2014-1843:
It is possible to observe the "Properties" for an existing user home folder.
This also allows for enumeration of existing users on the
Nuclei
Titan FTP Server < 10.40 - User Properties Traversal
nuclei·CVSS 5.0
CVE-2014-1843 [MEDIUM] Titan FTP Server < 10.40 - User Properties Traversal
Titan FTP Server versions prior to 10.40 build 1829 contain a directory traversal vulnerability that allows remote attackers to view "Properties" of user folders via path traversal. This enables user enumeration and access to sensitive user information that could aid in launching further attacks.
Template:
```yaml
id: CVE-2014-1843

info:
  name: Titan FTP Server < 10.40 - User Properties Traversal
  author: pussycat0x
  severity: medium
  description: |
    Titan FTP Server versions prior to 10.40 build 1829 contain a directory traversal vulnerability that allows remote attackers to view "Properties" of user folders via path traversal. This enables user enumeration and access to sensitive user information that could aid in launching further attacks.
  imp
```
No writeups or analysis indexed.
References:
- http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html
- http://www.exploit-db.com/exploits/31579
- http://www.osvdb.org/103197
- http://www.securityfocus.com/bid/65469