QwikSec

Security Database

CVE

CWE

Training

CVE-2008-5692

Published: Dec 19, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SREASON

http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

http://aluigi.altervista.org/adv/wsftpweblog-adv.txt

x_refsource_MISC

vdb-entry

x_refsource_BID

20080206 Re: Logs visualization in WS_FTP Server Manager 6.1.0.0

mailing-list

x_refsource_BUGTRAQ

20080206 Logs visualization in WS_FTP Server Manager 6.1.0.0

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.