CVE-2007-6741
published 2010-10-19

Priority: P429, medium
CVSS 2.0: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
EPSS: 1.77% (75.3th percentile)

The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017.

Affected

4 ranges

Vendor   | Product          | Version range | Fixed in
debian   | python-pyftpdlib |               |
g.rodola | pyftpdlib        | <= 0.1.1      |
g.rodola | pyftpdlib        |               |
g.rodola | pyftpdlib        | >= 0 < 0.2.0  | 0.2.0

CVSS provenance

nvd: v2.0, 6.5 MEDIUM, AV:N/AC:L/Au:S/C:P/I:P/A:P
ghsa: 7.5 HIGH
osv: 7.5 HIGH
vendor_debian: 7.5 LOW