CVE-2008-4242

CWE-352 — Cross-Site Request Forgery (CSRF)12 documents7 sources

Severity

6.8MEDIUM

EPSS

3.4%

top 12.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Proftpd Project Proftpd

Timeline

PublishedSep 25

Latest updateMay 2

Description

ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debianproftpd-dfsg< 1.3.1-15+3

▶NVDproftpd_project/proftpd1.3.1

🔴Vulnerability Details

GHSA

GHSA-hvr6-6w44-9wq6: ProFTPD 1↗2022-05-02

▶

CVEList

CVE-2008-4242: ProFTPD 1↗2008-09-25

▶

OSV

CVE-2008-4242: ProFTPD 1↗2008-09-25

▶

📋Vendor Advisories

Red Hat

proftpd CSRF attack↗2008-09-25

▶

Debian

CVE-2008-4242: proftpd-dfsg - ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, ...↗2008

▶

💬Community

Bugzilla

CVE-2008-4242 proftpd CSRF attack [F8]↗2008-09-26

▶

Bugzilla

CVE-2008-4242 proftpd CSRF attack↗2008-09-26

▶

Bugzilla

CVE-2008-4242 proftpd CSRF attack [epel-5]↗2008-09-26

▶

Bugzilla

CVE-2008-4242 proftpd CSRF attack [F9]↗2008-09-26

▶

Bugzilla

CVE-2008-4242 proftpd CSRF attack [F10]↗2008-09-26

▶