Summary
The host is running ProFTPD Server, which is prone to a cross-site request forgery vulnerability.
Impact
This can be exploited to execute arbitrary FTP commands with the privileges of another user's session.
Impact Level: Application
Solution
A fix is available in the SVN repository:
http://www.proftpd.org/cvs.html
*****
NOTE: Ignore this warning if the above-mentioned fix has already been applied.
*****
Insight
The flaw exists because the application truncates an overly long FTP command and improperly interprets the remainder of the string as a new FTP command.
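The truncation behaviour described above, as an added example that is not ProFTPD's code: a simplified command reader in C showing the flaw (`strict == 0`) beside a corrected form that rejects the whole overlong line. `CMD_MAX`, `read_cmd`, `count_accepted` and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define CMD_MAX 16 /* assumed limit, kept small so the sample stays short */
/* Read one command from *in: 1 = accepted, 0 = end of input, -1 = overlong
 * line rejected. strict == 0 models the flaw, strict != 0 the corrected form. */
static int read_cmd(const char **in, char *out, int strict)
{
    const char *p = *in;
    size_t n = 0;
    if (*p == '\0')
        return 0;
    while (*p != '\0' && *p != '\n' && n < CMD_MAX - 1)
        out[n++] = *p++;
    out[n] = '\0';
    /* Line fit, or (flaw) truncated text accepted and the tail left unread. */
    if (*p == '\n' || *p == '\0' || !strict) {
        *in = (*p == '\n') ? p + 1 : p;
        return 1;
    }
    while (*p != '\0' && *p != '\n') /* fix: discard the rest of the line */
        p++;
    *in = (*p == '\n') ? p + 1 : p;
    return -1;
}

/* Count accepted commands; *hit becomes 1 if one of them equals needle. */
int count_accepted(const char *input, int strict, const char *needle, int *hit)
{
    char cmd[CMD_MAX];
    int rc, accepted = 0;
    *hit = 0;
    while ((rc = read_cmd(&input, cmd, strict)) != 0) {
        if (rc != 1)
            continue; /* rejected line: nothing is executed */
        accepted++;
        *hit |= (strcmp(cmd, needle) == 0);
    }
    return accepted;
}

int main(void)
{
    const char *line = "AAAAA" "AAAAA" "AAAAA" "NOOP\n"; /* constructed */
    int hit, n = count_accepted(line, 0, "NOOP", &hit);
    printf("truncating: accepted=%d NOOP=%d\n", n, hit);
    n = count_accepted(line, 1, "NOOP", &hit);
    printf("strict:     accepted=%d NOOP=%d\n", n, hit);
    return 0;
}
```

The client sent one line, yet the truncating reader accepts two commands, the second being the tail of that line; the strict reader accepts none.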
Affected
ProFTPD Project versions 1.2.x on Linux
ProFTPD Project versions 1.3.x on Linux
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2008-4242
- CVSS Base Score: 6.8
- AV:N/AC:M/Au:N/C:P/I:P/A:P