| Vulnerability Name: | CVE-2004-0432 (CCN-16038) | ||||||||
| Assigned: | 2004-05-03 | ||||||||
| Published: | 2004-05-03 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: CCN Type: ProFTPD Web page Bug 2267 - Broken IP subnet matching Source: CONFIRM Type: UNKNOWN http://bugs.proftpd.org/show_bug.cgi?id=2267 Source: MITRE Type: CNA CVE-2004-0432 Source: TRUSTIX Type: UNKNOWN 2004-0025 Source: BUGTRAQ Type: UNKNOWN 20040430 [OpenPKG-SA-2004.018] OpenPKG Security Advisory (proftpd) Source: CCN Type: SA11527 ProFTPD CIDR Addressing ACL and "site chgrp" Security Issues Source: SECUNIA Type: UNKNOWN 11527 Source: CCN Type: GLSA-200405-09 ProFTPD Access Control List bypass vulnerability Source: MANDRAKE Type: UNKNOWN MDKSA-2004:041 Source: CCN Type: OpenPKG-SA-2004.018 ProFTPD Source: CCN Type: OSVDB ID: 5744 ProFTPD CIDR IP Subnet ACL Bypass Source: BID Type: Patch, Vendor Advisory 10252 Source: CCN Type: BID-10252 ProFTPD CIDR Access Control Rule Bypass Vulnerability Source: CCN Type: TLSA-2009-16 CIDR based ACL vulnerability Source: XF Type: UNKNOWN proftpd-cidr-acl-bypass(16038) Source: XF Type: UNKNOWN proftpd-cidr-acl-bypass(16038) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||