PT-2007-5837 · Apple · Cfnetwork
Publicado
2007-11-15
·
Atualizado
2018-10-26
·
CVE-2007-4679
CVSS v2.0
2.6
Baixa
| Vetor | AV:N/AC:H/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
CFNetwork versions 10.4 through 10.4.10
Description:
The issue allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands. This is related to the CFFTP component in CFNetwork.
Recommendations:
For versions 10.4 through 10.4.10, consider restricting access to FTP servers until a patch is available. As a temporary workaround, avoid using the PASV command in FTP connections to minimize the risk of exploitation.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cfnetwork