CVE-2014-1843 : Directory traversal vulnerability in the web interface in Titan FTP Server befor

Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.

Published 2014-04-29 10:37:04

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Products affected by CVE-2014-1843

Southrivertech » Titan Ftp Server
Versions up to, including, (<=) 10.40
cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*
Matching versions
Southrivertech » Titan Ftp Server » Version: 10.30
cpe:2.3:a:southrivertech:titan_ftp_server:10.30:*:*:*:*:*:*:*
Matching versions
Southrivertech » Titan Ftp Server » Version: 10.0.1733
cpe:2.3:a:southrivertech:titan_ftp_server:10.0.1733:*:*:*:*:*:*:*
Matching versions
Southrivertech » Titan Ftp Server » Version: 10.01.1740
cpe:2.3:a:southrivertech:titan_ftp_server:10.01.1740:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2014-1843

Top countries where our scanners detected CVE-2014-1843

Top open port discovered on systems with this issue 21

IPs affected by CVE-2014-1843 87

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2014-1843!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2014-1843

EPSS FAQ

10.72%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-1843

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2014-1843

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-1843

http://www.securityfocus.com/bid/65469

Titan FTP Server CVE-2014-1843 Directory Traversal Vulnerability
http://www.exploit-db.com/exploits/31579

Titan FTP Server 10.32 Build 1816 - Directory Traversal - Windows webapps Exploit
Exploit

CVEs referencing this url
http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html

CVEs referencing this url
http://www.osvdb.org/103197

404 Not Found