CVE-2008-2795 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in the FTP and SFTP clients in IDM Computer Solutions Inc UltraEdit 14.00b allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) or a ..\ (dot dot backslash) in a response to a LIST command.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Idm Computer Solutions Inc	Ultraedit

Configuration 1 [-]

cpe:2.3:a:idm_computer_solutions_inc:ultraedit:14.00b:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/30749
http://vuln.sg/ultraedit1400b-en.html
http://www.securityfocus.com/bid/29784
http://www.vupen.com/english/advisories/2008/1864/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43149

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-06-20T10:00:00

Updated: 2024-08-07T09:14:14.963Z

Reserved: 2008-06-19T00:00:00

Link: CVE-2008-2795

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-06-20T11:48:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-2795

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-17T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the FTP and SFTP clients in IDM Computer Solutions Inc UltraEdit 14.00b allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) or a ..\\ (dot dot backslash) in a response to a LIST command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "30749", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30749"}, {"name": "ultraedit-list-directory-traversal(43149)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43149"}, {"tags": ["x_refsource_MISC"], "url": "http://vuln.sg/ultraedit1400b-en.html"}, {"name": "29784", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29784"}, {"name": "ADV-2008-1864", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1864/references"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2008-2795", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the FTP and SFTP clients in IDM Computer Solutions Inc UltraEdit 14.00b allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) or a ..\\ (dot dot backslash) in a response to a LIST command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "30749", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30749"}, {"name": "ultraedit-list-directory-traversal(43149)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43149"}, {"name": "http://vuln.sg/ultraedit1400b-en.html", "refsource": "MISC", "url": "http://vuln.sg/ultraedit1400b-en.html"}, {"name": "29784", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29784"}, {"name": "ADV-2008-1864", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1864/references"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:14:14.963Z"}, "title": "CVE Program Container", "references": [{"name": "30749", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30749"}, {"name": "ultraedit-list-directory-traversal(43149)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43149"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://vuln.sg/ultraedit1400b-en.html"}, {"name": "29784", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29784"}, {"name": "ADV-2008-1864", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1864/references"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2795", "datePublished": "2008-06-20T10:00:00", "dateReserved": "2008-06-19T00:00:00", "dateUpdated": "2024-08-07T09:14:14.963Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:idm_computer_solutions_inc:ultraedit:14.00b:*:*:*:*:*:*:*", "matchCriteriaId": "29FEC619-63D0-42C6-8121-20779E84EB22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the FTP and SFTP clients in IDM Computer Solutions Inc UltraEdit 14.00b allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) or a ..\\ (dot dot backslash) in a response to a LIST command."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en los clientes FTP y SFTP de IDM Computer Solutions Inc UltraEdit versi\u00f3n 14.00b permite a servidores FTP remotos crear o sobreescribir ficheros de su elecci\u00f3n mediante el uso de caracteres .. (punto punto) o ..\\ (punto punto barra invertida) en una respuesta al comando LIST."}], "id": "CVE-2008-2795", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-06-20T11:48:00.000", "references": [{"source": "[email protected]", "tags": ["Exploit"], "url": "http://secunia.com/advisories/30749"}, {"source": "[email protected]", "tags": ["Exploit"], "url": "http://vuln.sg/ultraedit1400b-en.html"}, {"source": "[email protected]", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/29784"}, {"source": "[email protected]", "url": "http://www.vupen.com/english/advisories/2008/1864/references"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43149"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://secunia.com/advisories/30749"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://vuln.sg/ultraedit1400b-en.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/29784"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1864/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43149"}], "sourceIdentifier": "[email protected]", "vendorComments": [{"comment": "This issue was resolved and patched on 6/10/2008.", "lastModified": "2012-03-06T00:00:00", "organization": "UltraEdit"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "[email protected]", "type": "Primary"}]}