PRIOn knowledge basePRION:CVE-2008-4242Cross site request forgery (csrf)
7.5 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.016 Low
EPSS
Percentile
87.1%
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
References
bugs.proftpd.org/show_bug.cgi?id=3115
secunia.com/advisories/31930
secunia.com/advisories/33261
secunia.com/advisories/33413
securityreason.com/achievement_securityalert/56
securityreason.com/securityalert/4313
www.debian.org/security/2008/dsa-1689
www.mandriva.com/security/advisories?name=MDVSA-2009:061
www.securityfocus.com/bid/31289
www.securitytracker.com/id?1020945
exchange.xforce.ibmcloud.com/vulnerabilities/45274
www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html
www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html
Related
7.5 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.016 Low
EPSS
Percentile
87.1%