Summary
| Detail | |||
|---|---|---|---|
| Vendor | Solarwinds | First view | 2002-11-04 |
| Product | Tftp Server | Last view | 2009-09-09 |
| Version | 5.0.55_standard | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:solarwinds:tftp_server | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5 | 2009-09-09 | CVE-2009-3115 | SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers to cause a denial of service (service stop) via a crafted Option Acknowledgement (OACK) request. NOTE: some of these details are obtained from third party information. |
| 5 | 2006-04-24 | CVE-2006-1951 | Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and earlier allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are collapsed into "../" sequences by filtering. |
| 5 | 2003-03-31 | CVE-2002-1542 | SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to cause a denial of service (crash) via a large UDP datagram, possibly triggering a buffer overflow. |
| 5 | 2002-11-04 | CVE-2002-1209 | Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 57570 | SolarWinds TFTP Server OACK Request Remote DoS |
| 24992 | SolarWinds TFTP Server Traversal Arbitrary File Access |
| 11220 | SolarWinds TFTP Server Large UDP Datagram DoS |
| 8947 | SolarWinds TFTP Server Double Dot Traversal Arbitrary File Access |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-08-31 | Name : SolarWinds TFTP Server Option Acknowledgement Request Denial Of Service Vulne... File : nvt/SolarWinds_TFTP.nasl |
| 2005-11-03 | Name : TFTPD overflow File : nvt/tftpd_overflow.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | parent directory RuleID : 519-community - Type : PROTOCOL-TFTP - Revision : 15 |
| 2014-01-10 | parent directory RuleID : 519 - Type : PROTOCOL-TFTP - Revision : 15 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2005-05-16 | Name: The remote host has an application that is affected by a buffer overflow vuln... File: tftpd_overflow.nasl - Type: ACT_FLOOD |
