Lucene search
HistoryDec 06, 2004 - 5:00 a.m.
CVE-2004-0448
cve-2004-0448
jftpgw
format string vulnerability
remote code execution
nvd
7.1 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.019 Low
EPSS
Percentile
88.4%
Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jftpgw:jftpgw | jftpgw | eq | 0.13 |
| jftpgw:jftpgw | jftpgw | eq | 0.13.2 |
| jftpgw:jftpgw | jftpgw | eq | 0.13.3 |
| jftpgw:jftpgw | jftpgw | eq | 0.13.1 |
Related
securityvulns
securityvulns
[SECURITY] [DSA 510-1] New jftpgw packages fix format string vulnerability
2004-05-31 00:00:00
nessus
nessus
osv
osv
jftpgw - format string
2004-05-29 00:00:00
openvas
openvas
Debian Security Advisory DSA 510-1 (jftpgw)
2008-01-17 00:00:00
FreeBSD Ports: jftpgw
2008-09-04 00:00:00
debian
debian
[SECURITY] [DSA 510-1] New jftpgw packages fix format string vulnerability
2004-05-29 20:58:15
freebsd
freebsd
Arbitrary code execution via a format string vulnerability in jftpgw
2004-05-30 00:00:00
7.1 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.019 Low
EPSS
Percentile
88.4%
Related for CVE-2004-0448