Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-8284

Опубликовано: 14 дек. 2020
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.3
CVSS3: 3.7

Описание

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

РелизСтатусПримечание
bionic

released

7.58.0-2ubuntu3.12
devel

released

7.74.0-1ubuntu1
esm-infra-legacy/trusty

released

7.35.0-1ubuntu2.20+esm6
esm-infra/bionic

released

7.58.0-2ubuntu3.12
esm-infra/focal

released

7.68.0-1ubuntu2.4
esm-infra/xenial

released

7.47.0-1ubuntu2.18
focal

released

7.68.0-1ubuntu2.4
groovy

released

7.68.0-1ubuntu4.2
precise/esm

not-affected

7.22.0-3ubuntu4.29
trusty

ignored

end of standard support

Показывать по

Ссылки на источники

EPSS

Процентиль: 33%
0.00129
Низкий

4.3 Medium

CVSS2

3.7 Low

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-8284

CVSS3: 3.1
redhat
около 5 лет назад

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

nvd логотип

CVE-2020-8284

CVSS3: 3.7
nvd
около 5 лет назад

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

msrc логотип

CVE-2020-8284

CVSS3: 3.7
msrc
около 5 лет назад

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port and this way potentially make curl extract information about services that are otherwise private and not disclosed for example doing port scanning and service banner extractions.

debian логотип

CVE-2020-8284

CVSS3: 3.7
debian
около 5 лет назад

A malicious server can use the FTP PASV response to trick curl 7.73.0 ...

github логотип

GHSA-69rc-qfx4-h683

CVSS3: 3.7
github
больше 3 лет назад

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

EPSS

Процентиль: 33%
0.00129
Низкий

4.3 Medium

CVSS2

3.7 Low

CVSS3