CVE-2001-0452

Description

BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.

Affected products

• brs / webweaver0.49_beta – 0.49_beta
• brs / webweaver0.50_beta – 0.50_beta
• brs / webweaver0.51_beta – 0.51_beta
• brs / webweaver0.52_beta – 0.52_beta
• brs / webweaver0.60_beta – 0.60_beta
• brs / webweaver0.61_beta – 0.61_beta
• brs / webweaver0.62_beta – 0.62_beta

References

• MISChttp://members.nbci.com/_XMCM/BSoutham/WebWeaver/WebWeaverHistory.html
• MISChttp://www.securityfocus.com/bid/2676
• MISChttp://www.securityfocus.com/archive/1/180506