7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
68.9%
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b.
Failure to check for the appropriate field of a CRL entry (checking twice
for subject, rather than once for subject and once for issuer) prevents
some valid CRLs from being taken into account, and can allow clients whose
certificates have been revoked to proceed with a connection to the server.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | proftpd-dfsg | < any | UNKNOWN |
ubuntu | 20.04 | noarch | proftpd-dfsg | < any | UNKNOWN |
ubuntu | 22.04 | noarch | proftpd-dfsg | < any | UNKNOWN |
ubuntu | 23.10 | noarch | proftpd-dfsg | < any | UNKNOWN |
ubuntu | 24.04 | noarch | proftpd-dfsg | < any | UNKNOWN |
ubuntu | 16.04 | noarch | proftpd-dfsg | < any | UNKNOWN |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
68.9%