CVE-2000-0876

WFTPD and WFTPD Pro 2.41 RC12 - Unauthenticated Sensitive Information Exposure via %C Command

Title source: llm
STIX 2.1

Description

WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5196
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/5829

Scores

EPSS 0.0152
EPSS Percentile 71.6%

Details

CWE
CWE-200
Status published
Products (6)
texas_imperial_software/wftpd 2.4.1
texas_imperial_software/wftpd 2.4.1_rc11
texas_imperial_software/wftpd 2.4.1_rc12
texas_imperial_software/wftpd 2.34
texas_imperial_software/wftpd 2.40
texas_imperial_software/wftpd_pro 2.41_rc12
Published Nov 14, 2000
Tracked Since Feb 18, 2026