13 matches found
Astra Linux – Vulnerability in libcommons-net-java
Prior to Apache Commons Net 3.9.0, Net’s FTP client trusted the host based on the PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user had to connect to the malicious server in the first place. This could result in the leakage of...
PT-2026-22157
Name of the Vulnerable Software and Affected Versions FTP GVfs backend affected versions not specified Description A flaw exists in the FTP GVfs backend where a malicious FTP server can exploit the system by providing a crafted passive mode PASV response containing an arbitrary IP address and por...
apache-commons-net: FTP client trusts the host from PASV response by default
A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of...
SUSE CVE-2007-1564
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response...
SUSE CVE-2021-37533
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...
Apache Commons Net 输入验证错误漏洞
Apache Commons Net is the United States Apache Apache company a library. It implements many of the basic Internet Protocol clients. An input validation error vulnerability exists in Apache Commons Net versions prior to 3.9.0, which stems from the fact that the Net's FTP client trusts a host from ...
ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host
Ruby's Net::FTP module trusted the IP address included in the FTP server's response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module to connect to arbitrary hosts and use this to perform port scanning or information extraction from...
DEBIAN-CVE-2021-40491
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...
OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...
ALPINE-CVE-2021-31810
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise...
curl: FTP PASV command response can cause curl to connect to arbitrary host
A malicious server can use the PASV response to trick curl into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. If cu...
Core FTP LE Buffer Overflow Vulnerability
Core FTP is a set of free FTP client software from the Core FTP community. The software supports file uploads, downloads, renewals and more. A buffer overflow vulnerability exists in Core FTP LE, which could lead to the execution of DoS or remote code via a PASV response...
security flaw
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response...