Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-1419

9 documents8 sources

Severity

5.0MEDIUM

EPSS

72.0%

top 1.25%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Vsftpd Project Vsftpd Opensuse Opensuse

Timeline

PublishedJan 28

Latest updateMay 14

Description

Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debianvsftpd< 3.0.2-18+3

▶NVDvsftpd_project/vsftpd3.0.2

▶NVDopensuse/opensuse13.1, 13.2+1

Patches

Patch: lists.opensuse.org ↗Patch: lists.opensuse.org ↗

🔴Vulnerability Details

GHSA

GHSA-2r24-78wj-92qx: Unspecified vulnerability in vsftpd 3↗2022-05-14

▶

CVEList

CVE-2015-1419: Unspecified vulnerability in vsftpd 3↗2015-01-28

▶

OSV

CVE-2015-1419: Unspecified vulnerability in vsftpd 3↗2015-01-28

▶

💥Exploits & PoCs

Nuclei

vsftpd <= 3.0.2 - Access Restriction Bypass

▶

📋Vendor Advisories

Red Hat

vsftpd: access restrictions bypass↗2015-01-19

▶

Debian

CVE-2015-1419: vsftpd - Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to...↗2015

▶

💬Community

Bugzilla

CVE-2015-1419 vsftpd: access restrictions bypass [fedora-all]↗2015-01-29

▶

Bugzilla

CVE-2015-1419 vsftpd: access restrictions bypass↗2015-01-29

▶