PT-2007-5837 · Apple · Cfnetwork
Published
2007-11-15
·
Updated
2018-10-26
·
CVE-2007-4679
CVSS v2.0
2.6
Low
| Vector | AV:N/AC:H/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
CFNetwork versions 10.4 through 10.4.10
Description:
The issue allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands. This is related to the CFFTP component in CFNetwork.
Recommendations:
For versions 10.4 through 10.4.10, consider restricting access to FTP servers until a patch is available. As a temporary workaround, avoid using the PASV command in FTP connections to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cfnetwork