PT-2007-2948 · Kde+1 · Konqueror+1

Published: 2007-03-21 · Updated: 2017-10-11 · CVE-2007-1564

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Konqueror version 3.5.5

Description

The issue concerns the FTP protocol implementation, which allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information. This is achieved by specifying an alternate server address in an FTP PASV response.

Recommendations

For Konqueror version 3.5.5, consider disabling the FTP protocol implementation until a patch is available. Restrict access to sensitive information and avoid using the FTP protocol with untrusted servers to minimize the risk of exploitation.
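
One way an FTP client can neutralise the PASV redirection described above, shown as an added example (not Konqueror's code or its patch): parse the 227 reply, never dial the advertised host, and flag any mismatch with the control connection's peer so it can be logged. The function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 959 reply format: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


class PasvError(ValueError):
    """The 227 reply could not be parsed or is out of range."""


def parse_pasv(reply):
    """Return (advertised_ip, port) from a 227 reply line."""
    if not reply.startswith("227"):
        raise PasvError("not a 227 reply: %r" % reply)
    m = _PASV_RE.search(reply)
    if m is None:
        raise PasvError("no (h1,h2,h3,h4,p1,p2) tuple in %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise PasvError("field out of range in %r" % reply)
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise PasvError("port 0 in %r" % reply)
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), port


def data_endpoint(reply, control_peer):
    """Decide where the data connection goes.

    control_peer is the IP the control connection is attached to
    (socket.getpeername()[0] in a real client). The advertised address
    is never dialled; only the port is taken from the reply.
    Returns (ip_to_dial, port, redirected).
    """
    advertised, port = parse_pasv(reply)
    peer = ipaddress.ip_address(control_peer)
    return str(peer), port, advertised != peer


if __name__ == "__main__":
    # Constructed sample replies; 203.0.113.10 plays the FTP server.
    samples = [
        "227 Entering Passive Mode (203,0,113,10,195,80)",  # honest reply
        "227 Entering Passive Mode (192,168,1,1,0,22)",     # alternate host
    ]
    for line in samples:
        print(line, "->", data_endpoint(line, "203.0.113.10"))
```

A `redirected` value of `True` is worth recording in client or proxy logs, since a server advertising a host other than itself is the behaviour this entry describes.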

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2007-1564
RHSA-2007:0909
RHSA-2007_0909

Affected Products

Konqueror
Red Hat