Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.
References
Link | Resource |
---|---|
https://www.kb.cert.org/vuls/id/745607 | Third Party Advisory US Government Resource |
https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf | Exploit Third Party Advisory |
https://www.securityfocus.com/bid/96154 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2018-07-13T20:00:00
Updated: 2018-07-13T19:57:01
Reserved: 2016-11-21T00:00:00
Link: CVE-2016-9499
JSON object: View
NVD Information
Status : Modified
Published: 2018-07-13T20:29:02.003
Modified: 2019-10-09T23:20:33.133
Link: CVE-2016-9499
JSON object: View
Redhat Information
No data.