exploitDog
CVE-2021-37533

Published: 3 Dec 2022
Source: ubuntu
Priority: medium
EPSS: Low
CVSS3: 6.5

Description

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.

Release            Status          Note
bionic             released        3.6-1+deb11u1build0.18.04.1
devel              not-affected    3.9.0-1
esm-apps/bionic    released        3.6-1+deb11u1build0.18.04.1
esm-apps/focal     released        3.6-1+deb11u1build0.20.04.1
esm-apps/jammy     released        3.6-1+deb11u1build0.22.04.1
esm-apps/xenial    released        3.4-2ubuntu2+esm1
focal              released        3.6-1+deb11u1build0.20.04.1
jammy              released        3.6-1+deb11u1build0.22.04.1
kinetic            released        3.6-1+deb11u1build0.22.10.1
lunar              not-affected    3.9.0-1

EPSS: 0.00214 (percentile 44%, Low)
CVSS3: 6.5 (Medium)

Related vulnerabilities

redhat (CVSS3: 6.5, almost 3 years ago)

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.

nvd (CVSS3: 6.5, about 3 years ago)

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.

debian (CVSS3: 6.5, about 3 years ago)

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host fr ...

github (CVSS3: 6.5, about 3 years ago)

Apache Commons Net vulnerable to information leakage via malicious server

fstec (CVSS3: 6.5, almost 4 years ago)

Vulnerability in the FTP Client component of the Apache Commons Net library that allows an attacker to gain unauthorized access to protected information and carry out a CSRF attack
