cvelistv5 - cve-2008-4242

CVE-2008-4242 (GCVE-0-2008-4242)

Vulnerability from cvelistv5 – Published: 2008-09-25 19:00 – Updated: 2024-08-07 10:08

Summary

ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/31289	vdb-entryx_refsource_BID
	http://securityreason.com/achievement_securityalert/56	third-party-advisoryx_refsource_SREASONRES
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.securitytracker.com/id?1020945	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/31930	third-party-advisoryx_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/33261	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/33413	third-party-advisoryx_refsource_SECUNIA
	http://securityreason.com/securityalert/4313	third-party-advisoryx_refsource_SREASON
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.debian.org/security/2008/dsa-1689	vendor-advisoryx_refsource_DEBIAN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://bugs.proftpd.org/show_bug.cgi?id=3115	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:08:34.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31289",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31289"
          },
          {
            "name": "20080926 multiple vendor ftpd - Cross-site request forgery",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASONRES",
              "x_transferred"
            ],
            "url": "http://securityreason.com/achievement_securityalert/56"
          },
          {
            "name": "MDVSA-2009:061",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
          },
          {
            "name": "1020945",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020945"
          },
          {
            "name": "31930",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31930"
          },
          {
            "name": "FEDORA-2009-0195",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html"
          },
          {
            "name": "33261",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33261"
          },
          {
            "name": "33413",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33413"
          },
          {
            "name": "4313",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4313"
          },
          {
            "name": "FEDORA-2009-0064",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html"
          },
          {
            "name": "DSA-1689",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1689"
          },
          {
            "name": "proftpd-url-csrf(45274)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45274"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "31289",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31289"
        },
        {
          "name": "20080926 multiple vendor ftpd - Cross-site request forgery",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASONRES"
          ],
          "url": "http://securityreason.com/achievement_securityalert/56"
        },
        {
          "name": "MDVSA-2009:061",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
        },
        {
          "name": "1020945",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020945"
        },
        {
          "name": "31930",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31930"
        },
        {
          "name": "FEDORA-2009-0195",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html"
        },
        {
          "name": "33261",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33261"
        },
        {
          "name": "33413",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33413"
        },
        {
          "name": "4313",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4313"
        },
        {
          "name": "FEDORA-2009-0064",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html"
        },
        {
          "name": "DSA-1689",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1689"
        },
        {
          "name": "proftpd-url-csrf(45274)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45274"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4242",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31289",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31289"
            },
            {
              "name": "20080926 multiple vendor ftpd - Cross-site request forgery",
              "refsource": "SREASONRES",
              "url": "http://securityreason.com/achievement_securityalert/56"
            },
            {
              "name": "MDVSA-2009:061",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
            },
            {
              "name": "1020945",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020945"
            },
            {
              "name": "31930",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31930"
            },
            {
              "name": "FEDORA-2009-0195",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html"
            },
            {
              "name": "33261",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33261"
            },
            {
              "name": "33413",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33413"
            },
            {
              "name": "4313",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4313"
            },
            {
              "name": "FEDORA-2009-0064",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html"
            },
            {
              "name": "DSA-1689",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1689"
            },
            {
              "name": "proftpd-url-csrf(45274)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45274"
            },
            {
              "name": "http://bugs.proftpd.org/show_bug.cgi?id=3115",
              "refsource": "CONFIRM",
              "url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4242",
    "datePublished": "2008-09-25T19:00:00",
    "dateReserved": "2008-09-25T00:00:00",
    "dateUpdated": "2024-08-07T10:08:34.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:proftpd_project:proftpd:1.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71965620-399A-450C-95A5-5B327438768A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.\"}, {\"lang\": \"es\", \"value\": \"ProFTPD  v1.3.1 interpreta como m\\u00faltiples comandos los comandos largos de un cliente FTP, lo que permite a atacantes remotos llevar a cabo ataques de falsificaci\\u00f3n de petici\\u00f3n en sitios cruzados (CSFR) y ejecutar comdos FTP de su elecci\\u00f3n a trav\\u00e9s de una URI ftp:// larga que aprovecha la sesi\\u00f3n existente en la implementaci\\u00f3n de cliente FTP en un navegador web.\"}]",
      "id": "CVE-2008-4242",
      "lastModified": "2024-11-21T00:51:14.947",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": true}]}",
      "published": "2008-09-25T19:25:18.693",
      "references": "[{\"url\": \"http://bugs.proftpd.org/show_bug.cgi?id=3115\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/31930\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/33261\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/33413\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/achievement_securityalert/56\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/4313\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1689\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2009:061\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/31289\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1020945\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/45274\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://bugs.proftpd.org/show_bug.cgi?id=3115\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/31930\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/33261\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/33413\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/achievement_securityalert/56\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/4313\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1689\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2009:061\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/31289\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1020945\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/45274\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-4242\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-09-25T19:25:18.693\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.\"},{\"lang\":\"es\",\"value\":\"ProFTPD  v1.3.1 interpreta como m\u00faltiples comandos los comandos largos de un cliente FTP, lo que permite a atacantes remotos llevar a cabo ataques de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSFR) y ejecutar comdos FTP de su elecci\u00f3n a trav\u00e9s de una URI ftp:// larga que aprovecha la sesi\u00f3n existente en la implementaci\u00f3n de cliente FTP en un navegador web.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:proftpd_project:proftpd:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71965620-399A-450C-95A5-5B327438768A\"}]}]}],\"references\":[{\"url\":\"http://bugs.proftpd.org/show_bug.cgi?id=3115\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31930\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33261\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/33413\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/achievement_securityalert/56\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/4313\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1689\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:061\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/31289\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1020945\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45274\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.proftpd.org/show_bug.cgi?id=3115\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31930\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33261\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/33413\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/achievement_securityalert/56\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/4313\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1689\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:061\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/31289\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1020945\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45274\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-HVR6-6W44-9WQ6

Vulnerability from github – Published: 2022-05-02 00:08 – Updated: 2022-05-02 00:08

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-4242"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-09-25T19:25:00Z",
    "severity": "MODERATE"
  },
  "details": "ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.",
  "id": "GHSA-hvr6-6w44-9wq6",
  "modified": "2022-05-02T00:08:22Z",
  "published": "2022-05-02T00:08:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4242"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45274"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html"
    },
    {
      "type": "WEB",
      "url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31930"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33261"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33413"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/achievement_securityalert/56"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/4313"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1689"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31289"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020945"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-4242

Vulnerability from fkie_nvd - Published: 2008-09-25 19:25 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://bugs.proftpd.org/show_bug.cgi?id=3115
cve@mitre.org	http://secunia.com/advisories/31930	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/33261
cve@mitre.org	http://secunia.com/advisories/33413
cve@mitre.org	http://securityreason.com/achievement_securityalert/56
cve@mitre.org	http://securityreason.com/securityalert/4313
cve@mitre.org	http://www.debian.org/security/2008/dsa-1689
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:061
cve@mitre.org	http://www.securityfocus.com/bid/31289	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1020945
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/45274
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html
af854a3a-2127-422b-91ae-364da2661108	http://bugs.proftpd.org/show_bug.cgi?id=3115
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31930	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33261
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33413
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/achievement_securityalert/56
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4313
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1689
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:061
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31289	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020945
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45274
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html

Impacted products

	Vendor	Product	Version
	proftpd_project	proftpd	1.3.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:proftpd_project:proftpd:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71965620-399A-450C-95A5-5B327438768A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser."
    },
    {
      "lang": "es",
      "value": "ProFTPD  v1.3.1 interpreta como m\u00faltiples comandos los comandos largos de un cliente FTP, lo que permite a atacantes remotos llevar a cabo ataques de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSFR) y ejecutar comdos FTP de su elecci\u00f3n a trav\u00e9s de una URI ftp:// larga que aprovecha la sesi\u00f3n existente en la implementaci\u00f3n de cliente FTP en un navegador web."
    }
  ],
  "id": "CVE-2008-4242",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-09-25T19:25:18.693",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31930"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33261"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33413"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/achievement_securityalert/56"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4313"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1689"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/31289"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020945"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45274"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/achievement_securityalert/56"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/31289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2008-AVI-471

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans ProFTPD permet à un utilisateur distant de réaliser des attaques de type Cross-site request forgery sur le serveur vulnérable.

Description

Une vulnérabilité relative à la gestion des requêtes excessivement longues est présente dans ProFTPD. Celle-ci peut être exploitée pour exécuter des commandes FTP arbitraires dans le contexte d'un autre utilisateur.

Solution

La version CVS de ProFTPD corrige le problème.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention du correctif (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	ProFTPD versions 1.2.x ;
	N/A	N/A	ProFTPD versions 1.3.x.

References

Title

Publication Time

Tags

Rapport d'erreur de ProFTPD n°3115 du 20 septembre 2008	None	vendor-advisory
Site de ProFTPD :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ProFTPD versions 1.2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ProFTPD versions 1.3.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 relative \u00e0 la gestion des requ\u00eates excessivement\nlongues est pr\u00e9sente dans ProFTPD. Celle-ci peut \u00eatre exploit\u00e9e pour\nex\u00e9cuter des commandes FTP arbitraires dans le contexte d\u0027un autre\nutilisateur.\n\n## Solution\n\nLa version CVS de ProFTPD corrige le probl\u00e8me.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention du\ncorrectif (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-4242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4242"
    }
  ],
  "links": [
    {
      "title": "Site de ProFTPD :",
      "url": "http://www.proftpd.org"
    }
  ],
  "reference": "CERTA-2008-AVI-471",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-09-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans ProFTPD permet \u00e0 un utilisateur distant de\nr\u00e9aliser des attaques de type \u003cspan class=\"textit\"\u003eCross-site request\nforgery\u003c/span\u003e sur le serveur vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de ProFTPD",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Rapport d\u0027erreur de ProFTPD n\u00b03115 du 20 septembre 2008",
      "url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
    }
  ]
}

CERTA-2008-AVI-471

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans ProFTPD permet à un utilisateur distant de réaliser des attaques de type Cross-site request forgery sur le serveur vulnérable.

Description

Solution

La version CVS de ProFTPD corrige le problème.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention du correctif (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	ProFTPD versions 1.2.x ;
	N/A	N/A	ProFTPD versions 1.3.x.

References

Title

Publication Time

Tags

Rapport d'erreur de ProFTPD n°3115 du 20 septembre 2008	None	vendor-advisory
Site de ProFTPD :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ProFTPD versions 1.2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ProFTPD versions 1.3.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 relative \u00e0 la gestion des requ\u00eates excessivement\nlongues est pr\u00e9sente dans ProFTPD. Celle-ci peut \u00eatre exploit\u00e9e pour\nex\u00e9cuter des commandes FTP arbitraires dans le contexte d\u0027un autre\nutilisateur.\n\n## Solution\n\nLa version CVS de ProFTPD corrige le probl\u00e8me.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention du\ncorrectif (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-4242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4242"
    }
  ],
  "links": [
    {
      "title": "Site de ProFTPD :",
      "url": "http://www.proftpd.org"
    }
  ],
  "reference": "CERTA-2008-AVI-471",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-09-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans ProFTPD permet \u00e0 un utilisateur distant de\nr\u00e9aliser des attaques de type \u003cspan class=\"textit\"\u003eCross-site request\nforgery\u003c/span\u003e sur le serveur vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de ProFTPD",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Rapport d\u0027erreur de ProFTPD n\u00b03115 du 20 septembre 2008",
      "url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
    }
  ]
}

GSD-2008-4242

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-4242

Aliases

CVE-2008-4242

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-4242",
    "description": "ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.",
    "id": "GSD-2008-4242",
    "references": [
      "https://www.debian.org/security/2008/dsa-1689"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-4242"
      ],
      "details": "ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.",
      "id": "GSD-2008-4242",
      "modified": "2023-12-13T01:22:59.335429Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-4242",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "31289",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/31289"
          },
          {
            "name": "20080926 multiple vendor ftpd - Cross-site request forgery",
            "refsource": "SREASONRES",
            "url": "http://securityreason.com/achievement_securityalert/56"
          },
          {
            "name": "MDVSA-2009:061",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
          },
          {
            "name": "1020945",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1020945"
          },
          {
            "name": "31930",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31930"
          },
          {
            "name": "FEDORA-2009-0195",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html"
          },
          {
            "name": "33261",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33261"
          },
          {
            "name": "33413",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33413"
          },
          {
            "name": "4313",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/4313"
          },
          {
            "name": "FEDORA-2009-0064",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html"
          },
          {
            "name": "DSA-1689",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1689"
          },
          {
            "name": "proftpd-url-csrf(45274)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45274"
          },
          {
            "name": "http://bugs.proftpd.org/show_bug.cgi?id=3115",
            "refsource": "CONFIRM",
            "url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:proftpd_project:proftpd:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4242"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31930",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31930"
            },
            {
              "name": "http://bugs.proftpd.org/show_bug.cgi?id=3115",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
            },
            {
              "name": "31289",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/31289"
            },
            {
              "name": "20080926 multiple vendor ftpd - Cross-site request forgery",
              "refsource": "SREASONRES",
              "tags": [],
              "url": "http://securityreason.com/achievement_securityalert/56"
            },
            {
              "name": "1020945",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1020945"
            },
            {
              "name": "DSA-1689",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1689"
            },
            {
              "name": "33261",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/33261"
            },
            {
              "name": "33413",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/33413"
            },
            {
              "name": "FEDORA-2009-0195",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html"
            },
            {
              "name": "FEDORA-2009-0064",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html"
            },
            {
              "name": "4313",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/4313"
            },
            {
              "name": "MDVSA-2009:061",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
            },
            {
              "name": "proftpd-url-csrf(45274)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45274"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-08T01:32Z",
      "publishedDate": "2008-09-25T19:25Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-4242 (GCVE-0-2008-4242)

GHSA-HVR6-6W44-9WQ6

FKIE_CVE-2008-4242

CERTA-2008-AVI-471

Description

Solution

CERTA-2008-AVI-471

Description

Solution

GSD-2008-4242

Tags

Sightings

Nomenclature