Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-3867


Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.


Published

2010-11-09T21:00:04.413

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.1 (HIGH)

CVSSv2 Vector

AV:N/AC:H/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: HIGH
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-22

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application proftpd proftpd 1.2.10 Yes
Application proftpd proftpd 1.2.10 Yes
Application proftpd proftpd 1.2.10 Yes
Application proftpd proftpd 1.2.10 Yes
Application proftpd proftpd 1.3.0 Yes
Application proftpd proftpd 1.3.0 Yes
Application proftpd proftpd 1.3.0 Yes
Application proftpd proftpd 1.3.0 Yes
Application proftpd proftpd 1.3.0 Yes
Application proftpd proftpd 1.3.0 Yes
Application proftpd proftpd 1.3.0 Yes
Application proftpd proftpd 1.3.1 Yes
Application proftpd proftpd 1.3.1 Yes
Application proftpd proftpd 1.3.1 Yes
Application proftpd proftpd 1.3.1 Yes
Application proftpd proftpd 1.3.2 Yes
Application proftpd proftpd 1.3.2 Yes
Application proftpd proftpd 1.3.2 Yes
Application proftpd proftpd 1.3.2 Yes
Application proftpd proftpd 1.3.2 Yes
Application proftpd proftpd 1.3.2 Yes
Application proftpd proftpd 1.3.2 Yes
Application proftpd proftpd 1.3.2 Yes
Application proftpd proftpd 1.3.2 Yes
Application proftpd proftpd 1.3.2 Yes
Application proftpd proftpd 1.3.3 Yes
Application proftpd proftpd 1.3.3 Yes
Application proftpd proftpd 1.3.3 Yes
Application proftpd proftpd 1.3.3 Yes
Application proftpd proftpd 1.3.3 Yes
Application proftpd proftpd 1.3.3 Yes
Application proftpd proftpd 1.3.3 Yes

References