Short Name |
FTP:COMMAND:GET-CMD-DIR-TRAV-2 |
---|---|
Severity |
Minor |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
FTP |
Keywords |
Multiple FTP Server GET Command Directory Traversal 2 |
Release Date |
2015/06/14 |
Update Number |
2506 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects directory traversal attempts to download a file from a malicious server. The server can embed a directory traversal attack in the filename to specify the exact file download location on the client machine.
The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.