Start your free trial today.

Protect your organization with cutting-edge cybersecurity solutions designed for resilience and efficiency. Secure your digital assets with confidence.

Your Shield Against Threats

Unleash the Power of Cybersecurity

Boost Your Security, Enhance Your Business

We solve Your Cyber Challenges

Quick Links

Resources

Deepaegis Portals

CVE-2010-20113

CVSS SCORE:9.3

CVE ID:CVE-2010-20113

SEVERITY:High

Vendor:Unknown Vendor

Reporter:disclosure@vulncheck.com

Exploitable?Yes

Summary

EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.

CVSS Metrics

Source: disclosure@vulncheck.com

version4

vectorStringCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

baseScore9.3

baseSeverityCRITICAL

attackVectorNETWORK

attackComplexityLOW

privilegesRequiredNONE

userInteractionNONE

scope

confidentialityImpact

integrityImpact

availabilityImpact