CVE-2004-2487 Information

Description

Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via (1) ..\ (2) \..\\ (backslash dot dot) or (3) /../\ sequences in (a) RETR (get) (b) NLST (ls) (c) LIST (ls) (d) RNFR or (e) RNTO FTP commands.

Reference

http://secunia.com/advisories/11216 http://www.nexgenserver.com/cgi-bin/loadframe2.cgi?/History.html http://www.osvdb.org/4557 http://www.securityfocus.com/bid/9970 http://www.securitytracker.com/alerts/2004/Mar/1009545.html https://exchange.xforce.ibmcloud.com/vulnerabilities/15594