CVE-2004-1602

Опубликовано: 15 окт. 2004

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.

Ссылки

http://marc.info/?l=bugtraq&m=109786760926133&w=2
Third Party Advisory
http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
Broken Link
Exploit
Patch
Vendor Advisory
http://securitytracker.com/id?1011687
Broken Link
Exploit
Patch
Third Party Advisory
VDB Entry
Vendor Advisory
http://www.securityfocus.com/bid/11430
Broken Link
Exploit
Third Party Advisory
VDB Entry
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17724
Third Party Advisory
VDB Entry
http://marc.info/?l=bugtraq&m=109786760926133&w=2
Third Party Advisory
http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
Broken Link
Exploit
Patch
Vendor Advisory
http://securitytracker.com/id?1011687
Broken Link
Exploit
Patch
Third Party Advisory
VDB Entry
Vendor Advisory
http://www.securityfocus.com/bid/11430
Broken Link
Exploit
Third Party Advisory
VDB Entry
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17724
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*

Версия от 1.2.0 (включая) до 1.2.10 (включая)

EPSS

Процентиль: 74%

0.0083

Низкий

5 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

CVE-2004-1602

debian

около 21 года назад

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amo ...

GHSA-9qc2-2rhf-vf42

github

больше 3 лет назад