cbcvebase.
CVE-2007-6738
published 2010-10-19

Priority: P4, 20, medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
EPSS: 1.13% (62.3th percentile)
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.

Affected

3 ranges
Vendor      Product             Version range     Fixed in
debian      python-pyftpdlib    -                 -
g.rodola    pyftpdlib           <= 0.1            -
g.rodola    pyftpdlib           >= 0 < 0.1.1      0.1.1

CVSS provenance

Source           Version   Score   Severity   Vector
nvd              v2.0      5.0     MEDIUM     AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_debian    -         5.0     LOW        -