ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2008-09-25T19:00:00
Updated: 2017-08-07T12:57:01
Reserved: 2008-09-25T00:00:00
Link: CVE-2008-4242
JSON object: View
NVD Information
Status : Modified
Published: 2008-09-25T19:25:18.693
Modified: 2017-08-08T01:32:31.200
Link: CVE-2008-4242
JSON object: View
Redhat Information
No data.
CWE