Lucene search
HistoryMay 10, 2005 - 4:00 a.m.
CVE-2004-1948
ncftp
sensitive information disclosure
ftp
security vulnerability
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.1 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via “ps aux,” which displays the URL in the process list.
Affected configurations
Node
ncftp_softwarencftpMatch3.0.0
ORncftp_softwarencftpMatch3.0.1
ORncftp_softwarencftpMatch3.0.2
ORncftp_softwarencftpMatch3.0.3
ORncftp_softwarencftpMatch3.0.4
ORncftp_softwarencftpMatch3.1.0
ORncftp_softwarencftpMatch3.1.1
ORncftp_softwarencftpMatch3.1.2
ORncftp_softwarencftpMatch3.1.3
ORncftp_softwarencftpMatch3.1.4
ORncftp_softwarencftpMatch3.1.5
ORncftp_softwarencftpMatch3.1.6
ORncftp_softwarencftpMatch3.1.7
Related
debiancve
debiancve
CVE-2004-1948
2005-05-10 04:00:00
ubuntucve
ubuntucve
CVE-2004-1948
2004-04-20 00:00:00
cvelist
cvelist
CVE-2004-1948
2005-05-10 04:00:00
nvd
nvd
CVE-2004-1948
2004-04-20 04:00:00
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.1 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2004-1948