PT-2020-10217 · Maxum · Rumpus Ftp Server

Published

2020-02-10

Updated

2020-02-11

CVE-2019-19670

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Rumpus FTP Server version 8.2.9.1

Description A HTTP Response Splitting issue was identified in the Web Settings Component of Web File Manager. This can be exploited to achieve stored XSS or website defacement by manipulating the ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html.

Recommendations For Rumpus FTP Server version 8.2.9.1, consider restricting access to the Web Settings Component of Web File Manager until a fix is available. As a temporary workaround, avoid using the ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-19670

Affected Products

Rumpus Ftp Server

PT-2020-10217 · Maxum · Rumpus Ftp Server

CVE-2019-19670

Related Identifiers

Affected Products

References · 4