CVE-2008-5692

Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
ipswitchws_ftp
𝑥
≤ 6.1
ipswitchws_ftp
1.0.5
ipswitchws_ftp
2.01
ipswitchws_ftp
2.02
ipswitchws_ftp
2.03
ipswitchws_ftp
3.0
ipswitchws_ftp
3.0.1
ipswitchws_ftp
3.1.0
ipswitchws_ftp
3.1.1
ipswitchws_ftp
3.1.2
ipswitchws_ftp
3.1.3
ipswitchws_ftp
3.14
ipswitchws_ftp
4.00
ipswitchws_ftp
4.01
ipswitchws_ftp
4.02
ipswitchws_ftp
5.00
ipswitchws_ftp
5.01
ipswitchws_ftp
5.02
ipswitchws_ftp
5.03
ipswitchws_ftp
5.04
ipswitchws_ftp
5.05
ipswitchws_ftp
6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://aluigi.altervista.org/adv/wsftpweblog-adv.txt
http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12
http://secunia.com/advisories/28822
http://securityreason.com/securityalert/4799
http://www.securityfocus.com/archive/1/487686/100/200/threaded
http://www.securityfocus.com/archive/1/487697/100/200/threaded
http://www.securityfocus.com/bid/27654
http://www.vupen.com/english/advisories/2008/0473
http://aluigi.altervista.org/adv/wsftpweblog-adv.txt
http://docs.ipswitch.com/WS_FTP_Server611/ReleaseNotes/index.htm?k_id=ipswitch_ftp_documents_worldwide_ws_ftpserverv611releasenotes#link12
http://secunia.com/advisories/28822
http://securityreason.com/securityalert/4799
http://www.securityfocus.com/archive/1/487686/100/200/threaded
http://www.securityfocus.com/archive/1/487697/100/200/threaded
http://www.securityfocus.com/bid/27654
http://www.vupen.com/english/advisories/2008/0473