CVE-2005-1244
Title: NetIQ third party tool directory traversal arbitrary file access (Disputed)
Directory Traversal, Arbitrary File Access
Proof Of Concept
No public PoC currently indexed for CVE-2005-1244.
CWE Category
NVD-CWE-noinfo
Published Date
Apr 20, 2005
Modified Date
Apr 03, 2025
Exploit Status
Not Found
Score
7.5
CVSS v2.0
Exploit Probability (EPSS)
0.65%
Vulnerability Summary
CVE-2005-1244: Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable.
Impacted Vendors
Reference Links
http://securitytracker.com/id?1013810
http://www.osvdb.org/15791
http://www.securityfocus.com/archive/1/396628
http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20260
http://securitytracker.com/id?1013810
http://www.osvdb.org/15791
http://www.securityfocus.com/archive/1/396628
http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20260
CVSS v2.0
Source Entity
[email protected]
Severity
HIGH
7.5
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:N/AC:L/Au:N/C:P/I:P/A:P
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2005-1244 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
N/A
Complexity
N/A
Privileges
N/A
Interaction
NONE
CVSS Vector String
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Stack
No specific products linked.