Lucene search

[email protected]CVE-2002-2417

HistoryNov 01, 2007 - 5:00 p.m.

CVE-2002-2417

2007-11-0117:00:00

CWE-287

[email protected]

web.nvd.nist.gov

acftp

authentication

vulnerability

remote attackers

log files

privileges

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.047 Low

EPSS

Percentile

92.7%

JSON

acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.

Affected configurations

NVD

Node

acftpacftpMatch1.4

CPENameOperatorVersion
acftp:acftpacftpeq1.4

CPE	Name	Operator	Version
acftp:acftp	acftp	eq	1.4

References

archives.neohapsis.com/archives/vulnwatch/2002-q4/0088.html

securityreason.com/securityalert/3334

www.iss.net/security_center/static/10681.php

www.securityfocus.com/archive/1/300929

www.securityfocus.com/bid/6235

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.047 Low

EPSS

Percentile

92.7%

JSON

Related for CVE-2002-2417

cvelist1 nvd1