| Vulnerability Name: | CVE-2002-0538 (CCN-8847) | ||||||||
| Assigned: | 2002-04-15 | ||||||||
| Published: | 2002-04-15 | ||||||||
| Updated: | 2011-03-08 | ||||||||
| Summary: | FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: BUGTRAQ Type: Vendor Advisory 20020415 Raptor Firewall FTP Bounce vulnerability Source: CCN Type: BugTraq Mailing List, Mon Apr 15 2002 - 09:11:58 CDT Raptor Firewall FTP Bounce vulnerability Source: BUGTRAQ Type: UNKNOWN 20020417 Re: Raptor Firewall FTP Bounce vulnerability Source: CCN Type: BugTraq Mailing List, Wed Apr 17 2002 - 16:06:11 CDT Re: Raptor Firewall FTP Bounce vulnerability Source: MITRE Type: CNA CVE-2002-0538 Source: CCN Type: Symantec Security Response 17 April, 2002 Symantec Enterprise Firewall FTP Bounce Attack Source: CONFIRM Type: Patch, Vendor Advisory http://securityresponse.symantec.com/avcenter/security/Content/2002.04.17.html Source: XF Type: Patch, Vendor Advisory raptor-firewall-ftp-bounce(8847) Source: CCN Type: OSVDB ID: 4698 Symantec Raptor Firewall FTP Data Redirection Bounce Attack Source: BID Type: Patch, Vendor Advisory 4522 Source: CCN Type: BID-4522 Symantec Raptor / Enterprise Firewall FTP Bounce Vulnerability Source: XF Type: UNKNOWN raptor-firewall-ftp-bounce(8847) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||