Sign-up

ID

VAR-200812-0135


CVE

CVE-2008-5693


TITLE

Ipswitch WS_FTP Server Manager Etc. WSFTPSVR/ Subordinate custom ASP Vulnerability to read file contents

Trust: 0.8

sources: JVNDB: JVNDB-2008-005195

DESCRIPTION

Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character. WS_FTP Server Manager is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. An attacker can exploit these issues to gain unauthorized access to the affected application and gain access to potentially sensitive information. These issues affect WS_FTP Server Manager 6.1.0.0; prior versions may also be affected. Ipswitch WS_FTP Server is a highly secure and easy-to-manage file transfer server

Trust: 1.98

sources: NVD: CVE-2008-5693 // JVNDB: JVNDB-2008-005195 // BID: 27654 // VULHUB: VHN-35818

AFFECTED PRODUCTS

vendor:ipswitchmodel:ws ftpscope:eqversion:2.02

Trust: 1.6

vendor:ipswitchmodel:ws ftpscope:eqversion:5.02

Trust: 1.6

vendor:ipswitchmodel:ws ftpscope:eqversion:5.03

Trust: 1.6

vendor:ipswitchmodel:ws ftpscope:eqversion:5.04

Trust: 1.6

vendor:ipswitchmodel:ws ftpscope:eqversion:4.02

Trust: 1.6

vendor:ipswitchmodel:ws ftpscope:eqversion:2.01

Trust: 1.6

vendor:ipswitchmodel:ws ftpscope:eqversion:5.05

Trust: 1.6

vendor:ipswitchmodel:ws ftpscope:eqversion:1.0.5

Trust: 1.6

vendor:ipswitchmodel:ws ftpscope:eqversion:4.01

Trust: 1.6

vendor:ipswitchmodel:ws ftpscope:eqversion:3.14

Trust: 1.0

vendor:ipswitchmodel:ws ftpscope:lteversion:6.1

Trust: 1.0

vendor:ipswitchmodel:ws ftpscope:eqversion:2.03

Trust: 1.0

vendor:ipswitchmodel:ws ftpscope:eqversion:6.0

Trust: 1.0

vendor:ipswitchmodel:ws ftpscope:eqversion:3.0

Trust: 1.0

vendor:ipswitchmodel:ws ftpscope:eqversion:3.0.1

Trust: 1.0

vendor:ipswitchmodel:ws ftpscope:eqversion:5.01

Trust: 1.0

vendor:ipswitchmodel:ws ftpscope:eqversion:5.00

Trust: 1.0

vendor:ipswitchmodel:ws ftpscope:eqversion:4.00

Trust: 1.0

vendor:ipswitchmodel:ws ftpscope:eqversion:3.1.1

Trust: 1.0

vendor:ipswitchmodel:ws ftpscope:eqversion:3.1.2

Trust: 1.0

vendor:ipswitchmodel:ws ftpscope:eqversion:3.1.0

Trust: 1.0

vendor:ipswitchmodel:ws ftpscope:eqversion:3.1.3

Trust: 1.0

vendor:ipswitchmodel:ws ftpscope:lteversion:server manager 6.1.0.0

Trust: 0.8

vendor:ipswitchmodel:ws ftpscope:eqversion:6.1

Trust: 0.6

vendor:ipswitchmodel:ws ftp server managerscope:eqversion:6.1.0.0

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:6.1.0

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:eqversion:6.0

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:neversion:6.1.1

Trust: 0.3

vendor:ipswitchmodel:ws ftp serverscope:neversion:7.1

Trust: 0.3

sources: BID: 27654 // JVNDB: JVNDB-2008-005195 // CNNVD: CNNVD-200812-406 // NVD: CVE-2008-5693

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-5693
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-5693
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200812-406
value: MEDIUM

Trust: 0.6

VULHUB: VHN-35818
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-5693
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-35818
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-35818 // JVNDB: JVNDB-2008-005195 // CNNVD: CNNVD-200812-406 // NVD: CVE-2008-5693

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-35818 // JVNDB: JVNDB-2008-005195 // NVD: CVE-2008-5693

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200812-406

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200812-406

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-005195

PATCH
title:WS_FTPurl:http://www.ipswitchft.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-005195

EXTERNAL IDS
db:NVDid:CVE-2008-5693
Trust: 2.8
db:BIDid:27654
Trust: 2.0
db:SREASONid:4799
Trust: 1.7
db:JVNDBid:JVNDB-2008-005195
Trust: 0.8
db:BUGTRAQid:20080206 RE: LOGS VISUALIZATION IN WS_FTP SERVER MANAGER 6.1.0.0
Trust: 0.6
db:BUGTRAQid:20080206 LOGS VISUALIZATION IN WS_FTP SERVER MANAGER 6.1.0.0
Trust: 0.6
db:XFid:47677
Trust: 0.6
db:CNNVDid:CNNVD-200812-406
Trust: 0.6
db:VULHUBid:VHN-35818
Trust: 0.1
sources:
            
            
            VULHUB: VHN-35818 // 
            
            
            
            BID: 27654 // 
            
            
            
            JVNDB: JVNDB-2008-005195 // 
            
            
            
            CNNVD: CNNVD-200812-406 // 
            
            
            
            NVD: CVE-2008-5693

REFERENCES
url:http://www.securityfocus.com/bid/27654
Trust: 1.7
url:http://aluigi.altervista.org/adv/wsftpweblog-adv.txt
Trust: 1.7
url:http://securityreason.com/securityalert/4799
Trust: 1.7
url:http://www.securityfocus.com/archive/1/487686/100/200/threaded
Trust: 1.1
url:http://www.securityfocus.com/archive/1/487697/100/200/threaded
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/47677
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5693
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-5693
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/47677
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/487697/100/200/threaded
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/487686/100/200/threaded
Trust: 0.6
url:http://www.ipswitch.com/products/ws_ftp/home/index.asp
Trust: 0.3
url:/archive/1/487682
Trust: 0.3
url:http://www.ipswitchft.com/support/ws_ftp_server/releases/wr611.asp
Trust: 0.3
sources:
            
            
            VULHUB: VHN-35818 // 
            
            
            
            BID: 27654 // 
            
            
            
            JVNDB: JVNDB-2008-005195 // 
            
            
            
            CNNVD: CNNVD-200812-406 // 
            
            
            
            NVD: CVE-2008-5693

CREDITS
Luigi Auriemma is credited with the discovery of these vulnerabilities.
Trust: 0.3
sources:
            
            
            BID: 27654

SOURCES
db:VULHUBid:VHN-35818
db:BIDid:27654
db:JVNDBid:JVNDB-2008-005195
db:CNNVDid:CNNVD-200812-406
db:NVDid:CVE-2008-5693

LAST UPDATE DATE
2025-04-10T22:56:54.162000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-35818date:2018-10-11T00:00:00
db:BIDid:27654date:2016-07-06T14:17:00
db:JVNDBid:JVNDB-2008-005195date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200812-406date:2009-02-18T00:00:00
db:NVDid:CVE-2008-5693date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-35818date:2008-12-19T00:00:00
db:BIDid:27654date:2008-02-06T00:00:00
db:JVNDBid:JVNDB-2008-005195date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200812-406date:2008-12-19T00:00:00
db:NVDid:CVE-2008-5693date:2008-12-19T18:30:00.437