cvelistv5 - cve-2004-1884

cve-2004-1884

Vulnerability from cvelistv5

Published

2005-05-10 04:00

Modified

2024-08-08 01:07

Severity ?

Summary

Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=108006581418116&w=2
cve@mitre.org	http://secunia.com/advisories/11206	Exploit, Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/9953	Exploit, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/15558
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=108006581418116&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/11206	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/9953	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/15558

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:07:48.833Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20040323 Open the WS_FTP Server backdoor to SYSTEM",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108006581418116\u0026w=2"
          },
          {
            "name": "wftp-site-gain-priviliege(15558)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15558"
          },
          {
            "name": "11206",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11206"
          },
          {
            "name": "9953",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9953"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-03-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20040323 Open the WS_FTP Server backdoor to SYSTEM",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108006581418116\u0026w=2"
        },
        {
          "name": "wftp-site-gain-priviliege(15558)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15558"
        },
        {
          "name": "11206",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11206"
        },
        {
          "name": "9953",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9953"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1884",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20040323 Open the WS_FTP Server backdoor to SYSTEM",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=108006581418116\u0026w=2"
            },
            {
              "name": "wftp-site-gain-priviliege(15558)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15558"
            },
            {
              "name": "11206",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11206"
            },
            {
              "name": "9953",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9953"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1884",
    "datePublished": "2005-05-10T04:00:00",
    "dateReserved": "2005-05-04T00:00:00",
    "dateUpdated": "2024-08-08T01:07:48.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2004-1884\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-03-23T05:00:00.000\",\"lastModified\":\"2024-11-20T23:51:58.520\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp_pro:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69C53D89-E5B6-4734-8CDC-D81C1975640B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp_pro:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC6CA6D1-772C-4D26-8786-A837B6A7DEC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp_pro:8.0_2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC2F765A-DB53-4DD9-8E63-B819D7506B71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp_pro:8.0_3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D40A899-6605-4AA0-A415-99E0792238EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp_server:3.0_1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B30C60A-2716-4464-A9CD-2649DC763037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ws_ftp_server:4.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44A4DEB6-8E4B-4DAD-911C-DCC26D4C9DCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A886D80F-D72C-4BDF-A65F-27CA82348C48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A0D7240-62C8-4003-A840-98E818709D9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA99A58B-F751-4C04-B41B-CBE94998AA42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51D8225C-A74A-451E-9589-F1E00E4728D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C3438AF-FCF1-4D77-83D5-27B9989F0683\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"843B6647-BF92-46D1-ADEE-92088D9AD1C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4B80A25-3860-4CF5-B8ED-5370EBB42455\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7B58011-9D3B-432C-93B1-47938F7E2D43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50BE9ECB-4799-48BD-B3BE-7EE27FE3AA40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEBC59D2-405D-4374-812A-A3AEE0D6D594\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"755C3FB5-5D5B-4732-86F9-68A6612BC819\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"968C0544-A2F5-4FA6-A4B8-89113EE95B0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E33B458B-F945-4D1A-81B7-F07CCC183C14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9D662A9-5D1B-465E-A4B1-A4C86BA207C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBA7690C-8ADA-462E-B671-4D4CB243A483\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29B11EAC-796C-43E4-A150-F3FE3F19A058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A71B59A7-9467-4729-9A24-D5291C059E66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:ws_ftp_server:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C1D0E89-C64F-4027-BF44-8F7159A5AE21\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=108006581418116\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/11206\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/9953\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/15558\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=108006581418116\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/11206\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/9953\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/15558\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2004-1884

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.

Aliases

CVE-2004-1884

Aliases

CVE-2004-1884

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2004-1884",
    "description": "Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.",
    "id": "GSD-2004-1884"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2004-1884"
      ],
      "details": "Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.",
      "id": "GSD-2004-1884",
      "modified": "2023-12-13T01:22:56.748585Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2004-1884",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20040323 Open the WS_FTP Server backdoor to SYSTEM",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=108006581418116\u0026w=2"
          },
          {
            "name": "wftp-site-gain-priviliege(15558)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15558"
          },
          {
            "name": "11206",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/11206"
          },
          {
            "name": "9953",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/9953"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:4.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_server:3.0_1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_pro:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_pro:8.0_3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_pro:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ws_ftp_pro:8.0_2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:progress:ws_ftp_server:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1884"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "9953",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/9953"
            },
            {
              "name": "11206",
              "refsource": "SECUNIA",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/11206"
            },
            {
              "name": "20040323 Open the WS_FTP Server backdoor to SYSTEM",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=108006581418116\u0026w=2"
            },
            {
              "name": "wftp-site-gain-priviliege(15558)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15558"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-10-11T14:45Z",
      "publishedDate": "2004-03-23T05:00Z"
    }
  }
}

Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. Multiple vulnerabilities have been identified in the WS_FTP Server and client applications. The issues include two remote buffer overflow vulnerabilities in the client, a denial of service vulnerability in the server and an access validation issue in the server leading to remote command execution with SYSTEM privileges. These issues are undergoing further analysis. This BID will be divided into separate issues as analysis is completed. Progress Software Ipswitch WS_FTP Server is a set of FTP server software developed by Progress Software Company in the United States. It provides functions such as file transfer control and transfer encryption

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200403-0095",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "3.0_1"
      },
      {
        "model": "ws ftp pro",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "ipswitch",
        "version": "7.5"
      },
      {
        "model": "ws ftp pro",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "ipswitch",
        "version": "6.0"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "ipswitch",
        "version": "4.01"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "1.0.2"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "2.0.1"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "3.1.1"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "2.0.2"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "3.4"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "3.0"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "2.0.4"
      },
      {
        "model": "ws ftp pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "8.0_2"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "1.0.5"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "3.1"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "3.1.2"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "2.0.3"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "4.0.2"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "1.0.3"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "1.0.1"
      },
      {
        "model": "ws ftp pro",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "8.0_3"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "4.0"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "3.1.3"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "2.0"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "progress",
        "version": "1.0.4"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ipswitch",
        "version": "3.1"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ipswitch",
        "version": "3.0"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ipswitch",
        "version": "2.0.4"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ipswitch",
        "version": "2.0.3"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ipswitch",
        "version": "2.0.2"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ipswitch",
        "version": "2.0.1"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ipswitch",
        "version": "2.0"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ipswitch",
        "version": "1.0.5"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ipswitch",
        "version": "1.0.4"
      },
      {
        "model": "ws ftp pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "8.03"
      },
      {
        "model": "ws ftp pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "8.02"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "4.02"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "4.0"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "3.4"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "3.1.3"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "3.1.2"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "3.1.1"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "3.01"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "1.0.3"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "1.0.2"
      },
      {
        "model": "ws ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "1.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "9953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-097"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1884"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovery is credited to Hugh Mann \u003chughmann@hotmail.com\u003e.",
    "sources": [
      {
        "db": "BID",
        "id": "9953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-097"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2004-1884",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2004-1884",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-10313",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2004-1884",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200403-097",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-10313",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10313"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-097"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1884"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. Multiple vulnerabilities have been identified in the WS_FTP Server and client applications. \nThe issues include two remote buffer overflow vulnerabilities in the client, a denial of service vulnerability in the server and an access validation issue in the server leading to remote command execution with SYSTEM privileges. \nThese issues are undergoing further analysis.  This BID will be divided into separate issues as analysis is completed. Progress Software Ipswitch WS_FTP Server is a set of FTP server software developed by Progress Software Company in the United States. It provides functions such as file transfer control and transfer encryption",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1884"
      },
      {
        "db": "BID",
        "id": "9953"
      },
      {
        "db": "VULHUB",
        "id": "VHN-10313"
      }
    ],
    "trust": 1.26
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "9953",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "11206",
        "trust": 1.7
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1884",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-097",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-10313",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10313"
      },
      {
        "db": "BID",
        "id": "9953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-097"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1884"
      }
    ]
  },
  "id": "VAR-200403-0095",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10313"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:36:38.556000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1884"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/9953"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/11206"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15558"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=108006581418116\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipswitch.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/358356"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/358363"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/358357"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/358361"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=108006581418116\u0026amp;w=2"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10313"
      },
      {
        "db": "BID",
        "id": "9953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-097"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1884"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-10313"
      },
      {
        "db": "BID",
        "id": "9953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-097"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1884"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-03-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-10313"
      },
      {
        "date": "2004-03-23T00:00:00",
        "db": "BID",
        "id": "9953"
      },
      {
        "date": "2004-03-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200403-097"
      },
      {
        "date": "2004-03-23T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-1884"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-10313"
      },
      {
        "date": "2004-03-23T00:00:00",
        "db": "BID",
        "id": "9953"
      },
      {
        "date": "2020-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200403-097"
      },
      {
        "date": "2024-11-20T23:51:58.520000",
        "db": "NVD",
        "id": "CVE-2004-1884"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-097"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Progress Software Ipswitch WS_FTP Server Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-097"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200403-097"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2004-1884

Vulnerability from fkie_nvd

Published

2004-03-23 05:00

Modified

2024-11-20 23:51

Severity ?

Summary

Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=108006581418116&w=2
cve@mitre.org	http://secunia.com/advisories/11206	Exploit, Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/9953	Exploit, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/15558
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=108006581418116&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/11206	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/9953	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/15558

Impacted products

Vendor	Product	Version
ipswitch	ws_ftp_pro	6.0
ipswitch	ws_ftp_pro	7.5
ipswitch	ws_ftp_pro	8.0_2
ipswitch	ws_ftp_pro	8.0_3
ipswitch	ws_ftp_server	3.0_1
ipswitch	ws_ftp_server	4.01
progress	ws_ftp_server	1.0.1
progress	ws_ftp_server	1.0.2
progress	ws_ftp_server	1.0.3
progress	ws_ftp_server	1.0.4
progress	ws_ftp_server	1.0.5
progress	ws_ftp_server	2.0
progress	ws_ftp_server	2.0.1
progress	ws_ftp_server	2.0.2
progress	ws_ftp_server	2.0.3
progress	ws_ftp_server	2.0.4
progress	ws_ftp_server	3.0
progress	ws_ftp_server	3.1
progress	ws_ftp_server	3.1.1
progress	ws_ftp_server	3.1.2
progress	ws_ftp_server	3.1.3
progress	ws_ftp_server	3.4
progress	ws_ftp_server	4.0
progress	ws_ftp_server	4.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp_pro:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69C53D89-E5B6-4734-8CDC-D81C1975640B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp_pro:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC6CA6D1-772C-4D26-8786-A837B6A7DEC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp_pro:8.0_2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2F765A-DB53-4DD9-8E63-B819D7506B71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp_pro:8.0_3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D40A899-6605-4AA0-A415-99E0792238EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp_server:3.0_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B30C60A-2716-4464-A9CD-2649DC763037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ws_ftp_server:4.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "44A4DEB6-8E4B-4DAD-911C-DCC26D4C9DCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A886D80F-D72C-4BDF-A65F-27CA82348C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0D7240-62C8-4003-A840-98E818709D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA99A58B-F751-4C04-B41B-CBE94998AA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D8225C-A74A-451E-9589-F1E00E4728D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C3438AF-FCF1-4D77-83D5-27B9989F0683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "843B6647-BF92-46D1-ADEE-92088D9AD1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4B80A25-3860-4CF5-B8ED-5370EBB42455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7B58011-9D3B-432C-93B1-47938F7E2D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BE9ECB-4799-48BD-B3BE-7EE27FE3AA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBC59D2-405D-4374-812A-A3AEE0D6D594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "755C3FB5-5D5B-4732-86F9-68A6612BC819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "968C0544-A2F5-4FA6-A4B8-89113EE95B0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33B458B-F945-4D1A-81B7-F07CCC183C14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9D662A9-5D1B-465E-A4B1-A4C86BA207C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA7690C-8ADA-462E-B671-4D4CB243A483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29B11EAC-796C-43E4-A150-F3FE3F19A058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A71B59A7-9467-4729-9A24-D5291C059E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:progress:ws_ftp_server:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C1D0E89-C64F-4027-BF44-8F7159A5AE21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access."
    }
  ],
  "id": "CVE-2004-1884",
  "lastModified": "2024-11-20T23:51:58.520",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-03-23T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=108006581418116\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/11206"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9953"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=108006581418116\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/11206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15558"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-6jw6-78vv-w9mg

Vulnerability from github

Published

2022-04-29 03:00

Modified

2022-04-29 03:00

Details

Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2004-1884"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-03-23T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.",
  "id": "GHSA-6jw6-78vv-w9mg",
  "modified": "2022-04-29T03:00:23Z",
  "published": "2022-04-29T03:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1884"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15558"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=108006581418116\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/11206"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/9953"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2004-1884

Vulnerability from cvelistv5

gsd-2004-1884

Vulnerability from gsd

var-200403-0095

Vulnerability from variot

fkie_cve-2004-1884

Vulnerability from fkie_nvd

ghsa-6jw6-78vv-w9mg

Vulnerability from github

Tags

Sightings

Nomenclature