Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1564

Severity
6.8 MEDIUM
EPSS
9.7%
top 7.10%
CISA KEV
Not in KEV
Exploit
PoC available
Affected products
Timeline
Published: Mar 21
Latest update: May 1

Description

The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD: kde/konqueror 3.5.5

🔴Vulnerability Details

2
GHSA
GHSA-2vfx-mj86-p92f: The FTP protocol implementation in Konqueror 3 (2022-05-01)
CVEList
CVE-2007-1564: The FTP protocol implementation in Konqueror 3 (2007-03-21)

💥Exploits & PoCs

1
Exploit-DB
KDE Konqueror 3.x/IOSlave - FTP PASV Port-Scanning (2007-03-21)

📋Vendor Advisories

2
Ubuntu
KDE library vulnerabilities (2007-03-29)
Red Hat
FTP protocol PASV design flaw affects konqueror (2007-03-22)

💬Community

2
Bugzilla
CVE-2007-1564 FTP protocol PASV design flaw affects konqueror (2007-03-23)
Bugzilla
CVE-2007-1564 FTP protocol PASV design flaw affects konqueror (2007-03-23)