VULNERABILITIES \ FIXES - August 27, 2007
by Marianna Schmudlach - 8/27/07 8:17 AM
Ipswitch WS_FTP Server FTP Command Logging Script Insertion Vulnerability
Advisory ID : FrSIRT/ADV-2007-2967
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-27
A vulnerability has been identified in Ipswitch WS_FTP Server, which could be exploited by malicious users to execute arbitrary scripting code. This issue is caused by an input validation error when logging and displaying arguments passed to valid FTP commands, which could be exploited by attackers to cause arbitrary scripting code to be executed by the administrator's browser in the security context of an affected Web site.
Ipswitch WS_FTP Server version 6 and prior
The FrSIRT is not aware of any official supplied patch for this issue.
Vulnerability reported by John Harwold (VDA Labs).
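
The class of flaw described in the advisory (logged FTP command arguments displayed in an administrator's browser without output encoding), shown as an added example that is not Ipswitch code and not part of the original post. The log record layout, the row template and all function names are assumptions made for illustration; the sample records are constructed.

```python
import html
from html.parser import HTMLParser

# Constructed sample records (not real WS_FTP Server log data):
# (timestamp, client address, FTP command, argument exactly as the client sent it)
SAMPLE_LOG = [
    ("2007-08-27 08:17:01", "192.0.2.10", "USER", "alice"),
    ("2007-08-27 08:17:05", "192.0.2.10", "CWD", "/pub/reports"),
    ("2007-08-27 08:17:09", "192.0.2.44", "MKD", "<script>alert(1)</script>"),
    ("2007-08-27 08:17:12", "192.0.2.44", "RETR", 'a" onmouseover="x'),
]

# Hypothetical log-viewer row template: the argument appears as text and as an attribute.
ROW = '<tr><td>%s</td><td>%s</td><td>%s</td><td title="%s">%s</td></tr>'

def render_row_unencoded(record):
    """Flawed pattern: logged fields are placed into the markup as received."""
    ts, client, cmd, arg = record
    return ROW % (ts, client, cmd, arg, arg)

def render_row_encoded(record):
    """Encode each field at output time; quote=True also covers attribute values."""
    ts, client, cmd, arg = (html.escape(field, quote=True) for field in record)
    return ROW % (ts, client, cmd, arg, arg)

def render_log(records, render_row):
    return "<table>\n%s\n</table>" % "\n".join(render_row(r) for r in records)

class MarkupAudit(HTMLParser):
    """Collects any element or attribute the row template does not define."""
    ALLOWED_TAGS = {"table", "tr", "td"}
    ALLOWED_ATTRS = {"title"}

    def __init__(self):
        super().__init__()
        self.unexpected = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.ALLOWED_TAGS:
            self.unexpected.append(("tag", tag))
        self.unexpected += [("attr", n) for n, _ in attrs if n not in self.ALLOWED_ATTRS]

def audit(page):
    """Return the unexpected elements/attributes found in a rendered log page."""
    parser = MarkupAudit()
    parser.feed(page)
    parser.close()
    return parser.unexpected
```

Running `audit()` over the rendered page works as a regression check for a log viewer: any element or attribute that originates from logged data rather than from the template shows up in the returned list.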