[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195521

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-1562Date: (C)2007-03-21   (M)2024-04-16


The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1017800
http://www.securityfocus.com/archive/1/463501/100/0/threaded
http://www.securityfocus.com/archive/1/470172/100/200/threaded
BID-23082
SECUNIA-25476
SECUNIA-25490
SECUNIA-25858
ADV-2007-1034
HPSBUX02153
RHSA-2007:0400
RHSA-2007:0402
SSRT061181
SUSE-SA:2007:036
USN-443-1
http://www.openwall.com/lists/oss-security/2020/12/09/1
firefox-nsftpstate-information-disclosure(33119)
http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf
http://www.mozilla.org/security/announce/2007/mfsa2007-11.html
https://bugzilla.mozilla.org/show_bug.cgi?id=370559
https://issues.rpath.com/browse/RPL-1157
https://issues.rpath.com/browse/RPL-1424
oval:org.mitre.oval:def:11431

CPE    19
cpe:/a:mozilla:firefox:1.5.0.10
cpe:/a:mozilla:firefox:1.5.0.4
cpe:/a:mozilla:firefox:1.5.0.3
cpe:/a:mozilla:firefox:1.5:beta2
...
CWE    1
CWE-200
OVAL    1
oval:org.secpod.oval:def:2106586

© SecPod Technologies