CVE-2001-0283

SunFTP build 9 - Directory Traversal via Dot-Dot in FTP Commands

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0283. PoCs published by se00020.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in SunFTP, allowing authenticated users to upload or retrieve files outside the FTP root directory. The PoC shows commands to read and write files outside the intended directory structure.

Description

Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME, or (5) PUT.

Exploits (1)

exploitdb WORKING POC VERIFIED
by se00020 · textremotewindows
https://www.exploit-db.com/exploits/20653

This exploit demonstrates a directory traversal vulnerability in SunFTP, allowing authenticated users to upload or retrieve files outside the FTP root directory. The PoC shows commands to read and write files outside the intended directory structure.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: SunFTP (version not specified)
Auth required
Prerequisites: FTP access to the target server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-02/0523.html

Scores

EPSS 0.0600
EPSS Percentile 92.4%

Details

Status published
Products (1)
sun/sun_ftp build_9
Published May 03, 2001
Tracked Since Feb 18, 2026