CVE-2008-4247
published 2008-09-25

CVE-2008-4247: ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands…

Priority: P3 (41)
CVSS 2.0: 7.5 high, vector AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 4.04% (89.4th percentile)
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
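Added illustration of the defect class, written for this entry and not taken from any ftpd source: a Python model that assumes commands are read into a fixed-size buffer and that the defective reader, when a line does not fit, treats the filled buffer as one complete command and keeps parsing the remainder as further commands. The hardened reader beside it discards the rest of the over-long line and answers once with an error, so the tail of a long line can never be executed.

```python
# Added model of the CVE-2008-4247 defect class; not the ftpd source.
# Assumption: commands are read into a fixed-size buffer and, when a line does
# not fit, the defective reader treats the filled buffer as one complete command
# and keeps reading the remainder as the next command.

BUFSIZE = 32  # constructed, deliberately tiny so the split is easy to see


def read_commands_vulnerable(stream: bytes, bufsize: int = BUFSIZE) -> list:
    """Defective reader: an over-long line is emitted as several commands."""
    cmds, pos = [], 0
    while pos < len(stream):
        nl = stream.find(b"\n", pos, pos + bufsize)
        if nl == -1:
            # Buffer filled without a newline: the partial line becomes a command
            # and the rest of the line is parsed as further commands.
            cmds.append(stream[pos:pos + bufsize].rstrip(b"\r"))
            pos += bufsize
        else:
            cmds.append(stream[pos:nl].rstrip(b"\r"))
            pos = nl + 1
    return cmds


def read_commands_fixed(stream: bytes, bufsize: int = BUFSIZE) -> list:
    """Hardened reader: an over-long line is discarded up to its newline and
    reported once, so its tail can never be executed as a command."""
    cmds, pos = [], 0
    while pos < len(stream):
        nl = stream.find(b"\n", pos, pos + bufsize)
        if nl == -1:
            end = stream.find(b"\n", pos)
            pos = len(stream) if end == -1 else end + 1
            cmds.append(b"500 Command too long")  # constructed error token
        else:
            cmds.append(stream[pos:nl].rstrip(b"\r"))
            pos = nl + 1
    return cmds


# Constructed session: one ordinary command, one line far longer than the
# buffer (a long path, as a browser-built ftp:// URI would send), then QUIT.
SAMPLE = b"USER anonymous\r\nRETR " + b"A" * 60 + b"\r\nQUIT\r\n"

if __name__ == "__main__":
    print("vulnerable:", read_commands_vulnerable(SAMPLE))  # 5 commands
    print("fixed:     ", read_commands_fixed(SAMPLE))       # 3 commands
```

With the tiny buffer, the defective reader turns the single RETR line into three separate commands, which is the behaviour the description above calls "interprets long commands as multiple commands".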

Affected

8 ranges

Vendor          | Product         | Version range                    | Fixed in
debian          | linux-ftpd      | < linux-ftpd 0.17-29 (bookworm)  | linux-ftpd 0.17-29 (bookworm)
debian          | linux-ftpd-ssl  | < linux-ftpd 0.17-29 (bookworm)  | linux-ftpd 0.17-29 (bookworm)
freebsd         | freebsd         |                                  |
linux-ftpd-ssl  | linux-ftpd-ssl  | >= 0, < 0.17.27+0.3-3            | 0.17.27+0.3-3
linux-ftpd-ssl  | linux-ftpd-ssl  | >= 0, < 0.17.27+0.3-3            | 0.17.27+0.3-3
linux-ftpd-ssl  | linux-ftpd-ssl  | >= 0, < 0.17.27+0.3-3            | 0.17.27+0.3-3
netbsd          | netbsd          |                                  |
openbsd         | openbsd         |                                  |

CVSS provenance

Source         | Version | Score    | Vector
nvd            | v2.0    | 7.5 HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
osv            |         | 7.5 HIGH |
vendor_debian  |         | 7.5 HIGH |