Описание
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python-pyftpdlib | not-affected | package |
Связанные уязвимости
nvd
больше 15 лет назад
pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.
CVSS3: 7.5
github
почти 4 года назад
pyftpdlib Use of Insufficiently Random Values of port selection on PASV command