CVE-2007-1564

Date: (C)2007-03-21   (M)2023-12-22


The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1017801
BID-23091
SECUNIA-24889
SECUNIA-27108
ADV-2007-1076
MDKSA-2007:072
RHSA-2007:0909
SUSE-SR:2007:006
USN-447-1
http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf
http://www.kde.org/info/security/advisory-20070326-1.txt
https://issues.rpath.com/browse/RPL-1201
oval:org.mitre.oval:def:10646

CWE    1
CWE-200

© SecPod Technologies