CVE-2005-3057

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP.

Published: Dec 31, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-3057
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
fortinet / fortios	-	2.8_mr10.x
fortinet / fortios	-	3_beta.x
fortinet / fortigate	2.8	2.8.x

http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042139.html
http://marc.info/?l=bugtraq&m=113986337408103&w=2
http://secunia.com/advisories/18844
http://www.securityfocus.com/bid/16597
http://www.vupen.com/english/advisories/2006/0539
https://exchange.xforce.ibmcloud.com/vulnerabilities/24624

Vulnerability Database

290,020

CVE-2005-3057