|
IPSwitch WS_FTP Server Manager Security Bypass
|
|
Secunia Advisory:
|
SA28822
|
|
|
Release Date:
|
2008-02-07
|
|
Last Update:
|
2008-08-29
|
|
Popularity:
|
2,303 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | WS_FTP Server 6.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
Luigi Auriemma has discovered a security issue in IPSwitch WS_FTP Server, which can be exploited by malicious people to bypass certain access restrictions and disclose sensitive information.
The security issue is caused due to an error within the WS_FTP Server Manager when processing HTTP requests for the FTPLogServer/LogViewer.asp script. This can be exploited to gain access to the log viewing interface by e.g. logging out and directly accessing the FTPLogServer/LogViewer.asp script.
The security issue is confirmed in WS_FTP Server Manager included in WS_FTP Server version 6.1. Other versions may also be affected.
Solution:
Update to version 6.1.1.
Provided and/or discovered by:
Luigi Auriemma
Changelog:
2008-08-29: Updated "Solution" and "Original Advisory" sections.
Original Advisory:
Ipswitch:
http://docs.ipswitch.com/WS_FTP_Serve...e_ws_ftpserverv611releasenotes#link12
Luigi Auriemma:
http://aluigi.altervista.org/adv/wsftpweblog-adv.txt
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
