Описание
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python-pyftpdlib | not-affected | package |
EPSS
Процентиль: 48%
0.0025
Низкий
Связанные уязвимости
nvd
около 15 лет назад
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.
CVSS3: 7.5
github
больше 3 лет назад
pyftpdlib Use of Insufficiently Random Values of port selection on PASV command
EPSS
Процентиль: 48%
0.0025
Низкий