Lucene search

K
osvGoogleOSV:USN-6037-1
HistoryApr 28, 2023 - 10:19 a.m.

Apache Commons Net vulnerability

2023-04-2810:19:40
Google
osv.dev
13
security
ftp
apache commons net
remote attacker
malicious server
information leakage

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

65.4%

ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted
the host from PASV responses by default. A remote attacker with a
malicious FTP server could redirect the client to another server, which
could possibly result in leaked information about services running on the
private network of the client.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

65.4%