3 matches found
CVE-2007-6738
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command...
pyftpdlib FTP Server Information Disclosure Vulnerability
This host is running pyftpdlib FTP server and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbpyftpdlibinfodiscvuln.nasl 7573 2017-10-26 09:18:50Z cfischer $ pyftpdlib FTP Server Information Disclosure Vulnerability Authors: Sooraj KS Copyright: Copyright c 201...
CVE-2007-6738
CVE-2007-6738 affects pyftpdlib prior to 0.1.1. The PASV command uses a non-random port value, enabling remote attackers to infer the number of in‑progress data connections by reading the response. Impact is information disclosure. Mitigation: upgrade to 0.1.1 or later (per the cited descriptions...