CVE-2007-6738
Published 2010-10-19
Priority: P4 · 20 · medium
CVSS 2.0: 5 · AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.13% (62.3th percentile)
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-pyftpdlib | — | — |
| g.rodola | pyftpdlib | <= 0.1 | — |
| g.rodola | pyftpdlib | >= 0 < 0.1.1 | 0.1.1 |
CVSS provenance
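| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_debian | | 5.0 | LOW | |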
OSV
pyftpdlib Use of Insufficiently Random Values of port selection on PASV command
osv · 2022-05-01 · CVE-2007-6738 [HIGH]
GHSA
pyftpdlib Use of Insufficiently Random Values of port selection on PASV command
ghsa · 2022-05-01 · CVE-2007-6738 [HIGH] · CWE-330
OSV
CVE-2007-6738: pyftpdlib before 0
osv · 2010-10-19
Debian
CVE-2007-6738: python-pyftpdlib - pyftpdlib before 0.1.1 does not choose a random value for the port associated wi...
vendor_debian · 2007 · CVSS 5.0 · CVE-2007-6738 [MEDIUM]
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2010-10-19