Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2007-1562

UNKNOWN
Published 2007-03-21T19:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2007-1562. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-ccpp-7p46-hqr2

Advisory Details

The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

CVSS Scoring

CVSS Score

5.0

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2007-1562
WEB https://bugzilla.mozilla.org/show_bug.cgi?id=370559
WEB https://exchange.xforce.ibmcloud.com/vulnerabilities/33119
WEB https://issues.rpath.com/browse/RPL-1157
WEB https://issues.rpath.com/browse/RPL-1424
WEB https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11431
WEB http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf
WEB http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
WEB http://secunia.com/advisories/25476
WEB http://secunia.com/advisories/25490
WEB http://secunia.com/advisories/25858
WEB http://www.mozilla.org/security/announce/2007/mfsa2007-11.html
WEB http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
WEB http://www.openwall.com/lists/oss-security/2020/12/09/1
WEB http://www.redhat.com/support/errata/RHSA-2007-0400.html
WEB http://www.redhat.com/support/errata/RHSA-2007-0402.html
WEB http://www.securityfocus.com/archive/1/463501/100/0/threaded
WEB http://www.securityfocus.com/archive/1/470172/100/200/threaded
WEB http://www.securityfocus.com/bid/23082
WEB http://www.securitytracker.com/id?1017800
WEB http://www.ubuntu.com/usn/usn-443-1
WEB http://www.vupen.com/english/advisories/2007/1034

Advisory provided by GitHub Security Advisory Database. Published: May 1, 2022, Modified: May 1, 2022

References

http://www.ubuntu.com/usn/usn-443-1
http://www.securityfocus.com/archive/1/470172/100/200/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/33119
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://www.securitytracker.com/id?1017800
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0400.html
http://www.securityfocus.com/archive/1/463501/100/0/threaded
http://www.vupen.com/english/advisories/2007/1034
http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf
http://www.securityfocus.com/bid/23082
https://issues.rpath.com/browse/RPL-1424
http://secunia.com/advisories/25858
http://secunia.com/advisories/25476
http://www.mozilla.org/security/announce/2007/mfsa2007-11.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11431
https://bugzilla.mozilla.org/show_bug.cgi?id=370559
http://secunia.com/advisories/25490
http://www.redhat.com/support/errata/RHSA-2007-0402.html
https://issues.rpath.com/browse/RPL-1157
http://www.openwall.com/lists/oss-security/2020/12/09/1

HackerOne Reports

lib/net/ftp.rb: trusting PASV responses allow client abuse Low
sighook
Ruby
$500.00
Information Disclosure
View Report
Published: 2007-03-21T19:00:00
Last Modified: 2024-08-07T12:59:08.706Z
Copied to clipboard!