English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.18262
Category:Remote file access
Title:TFTP Directory Traversal Vulnerabilities - Active Check
Summary:The TFTP (Trivial File Transfer Protocol) allows remote users to; read files without having to log in.;; This may be a big security flaw, especially if tftpd (the TFTP server) is not well configured by; the admin of the remote host.
Description:Summary:
The TFTP (Trivial File Transfer Protocol) allows remote users to
read files without having to log in.

This may be a big security flaw, especially if tftpd (the TFTP server) is not well configured by
the admin of the remote host.

Solution:
Disable the tftp daemon, or if you really need it
run it in a chrooted environment

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-1999-0183
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0183
XForce ISS Database: linux-tftp
Common Vulnerability Exposure (CVE) ID: CVE-1999-0498
Cert/CC Advisory: CA-91.18.Active.Internet.tftp.Attacks
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0498
Common Vulnerability Exposure (CVE) ID: CVE-2002-2353
BugTraq ID: 6198
http://www.securityfocus.com/bid/6198
CERT/CC vulnerability note: VU#632633
http://www.kb.cert.org/vuls/id/632633
http://www.securiteam.com/windowsntfocus/6D00D2061G.html
http://www.iss.net/security_center/static/10646.php
Common Vulnerability Exposure (CVE) ID: CVE-2009-0271
BugTraq ID: 33344
http://www.securityfocus.com/bid/33344
http://osvdb.org/51487
http://secunia.com/advisories/33594
http://www.vupen.com/english/advisories/2009/0176
Common Vulnerability Exposure (CVE) ID: CVE-2009-0288
BugTraq ID: 33287
http://www.securityfocus.com/bid/33287
Bugtraq: 20090115 TFTPUtil GUI TFTP Directory Traversal (Google Search)
http://www.securityfocus.com/archive/1/500106/100/0/threaded
http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-directory-traversal
http://secunia.com/advisories/33561
XForce ISS Database: tftputil-tftpget-directory-traversal(48019)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48019
Common Vulnerability Exposure (CVE) ID: CVE-2009-1161
BugTraq ID: 35040
http://www.securityfocus.com/bid/35040
Cisco Security Advisory: 20090520 CiscoWorks TFTP Directory Traversal Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml
http://jvn.jp/en/jp/JVN62527913/index.html
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html
http://osvdb.org/54616
http://securitytracker.com/id?1022263
http://secunia.com/advisories/35179
http://www.vupen.com/english/advisories/2009/1390
CopyrightCopyright (C) 2005 Michel Arboi

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.