46 matches found
CVE-2021-37533 Apache Commons Net's FTP client trusts the host from PASV response by default
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...
CVE-2021-37533
CVE-2021-37533 affects the Apache Commons Net FTP client prior to 3.9.0, where the FTP PASV response can cause the client to trust a host from the server. This could lead to leakage of information about services on the client’s private network if a malicious server is involved. The advisory notes...
CVE-2021-37533
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...
new packages: apache-commons-net
An update is available for apache-commons-net. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
PT-2022-6127 · Apache +3 · Apache Commons Net +3
Name of the Vulnerable Software and Affected Versions: Apache Commons Net versions prior to 3.9.0. Description: The issue is related to the FTP client in Apache Commons Net, which trusts the host from PASV response by default. This allows a malicious server to redirect the Commons Net code to use ...