Vulnerability Name:

CVE-2007-1562 (CCN-33119)

Assigned:2007-03-21
Published:2007-03-21
Updated:2020-12-09
Summary:The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Obtain Information
References:Source: MISC
Type: Broken Link
http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf

Source: MITRE
Type: CNA
CVE-2007-1562

Source: MITRE
Type: CNA
CVE-2007-1563

Source: MITRE
Type: CNA
CVE-2007-1564

Source: HP
Type: Broken Link
HPSBUX02153

Source: CCN
Type: RHSA-2007-0400
Critical: firefox security update

Source: CCN
Type: RHSA-2007-0402
Critical: seamonkey security update

Source: CCN
Type: RHSA-2007-0909
Moderate: kdelibs security update

Source: SECUNIA
Type: Third Party Advisory
25476

Source: SECUNIA
Type: Third Party Advisory
25490

Source: SECUNIA
Type: Third Party Advisory
25858

Source: CCN
Type: SECTRACK ID: 1017800
Mozilla Firefox FTP PASV Implementation Permits Port Scanning

Source: CCN
Type: SECTRACK ID: 1017801
KDE Konqueror FTP PASV Implementation Permits Port Scanning

Source: CCN
Type: SECTRACK ID: 1017802
Opera FTP PASV Implementation Permits Port Scanning

Source: CCN
Type: ASA-2007-291
Firefox security update (RHSA-2007-0400)

Source: CCN
Type: ASA-2007-295
SeaMonkey security update (RHSA-2007-0402)

Source: CCN
Type: KDE Security Advisory 20070326-1
KDE ioslave PASV port scanning vulnerability

Source: CCN
Type: MFSA 2007-11
FTP PASV port-scanning

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2007/mfsa2007-11.html

Source: SUSE
Type: Broken Link
SUSE-SA:2007:036

Source: MLIST
Type: UNKNOWN
[oss-security] 20201209 [SECURITY ADVISORY] curl: trusting FTP PASV responses

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0400

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0402

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20070322 FLEA-2007-0001-1: firefox

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20070531 FLEA-2007-0023-1: firefox

Source: BID
Type: Third Party Advisory, VDB Entry
23082

Source: CCN
Type: BID-23082
Mozilla FireFox FTP PASV Port-Scanning Vulnerability

Source: CCN
Type: BID-23089
Opera FTP PASV Port-Scanning Vulnerability

Source: CCN
Type: BID-23091
KDE Konqueror/IOSlave FTP PASV Port-Scanning Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1017800

Source: CCN
Type: USN-443-1
Firefox vulnerability

Source: UBUNTU
Type: Third Party Advisory
USN-443-1

Source: CCN
Type: USN-447-1
KDE library vulnerabilities

Source: VUPEN
Type: Third Party Advisory
ADV-2007-1034

Source: MISC
Type: Issue Tracking, Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=370559

Source: XF
Type: Third Party Advisory, VDB Entry
firefox-nsftpstate-information-disclosure(33119)

Source: XF
Type: UNKNOWN
firefox-nsftpstate-information-disclosure(33119)

Source: CONFIRM
Type: Broken Link
https://issues.rpath.com/browse/RPL-1157

Source: CONFIRM
Type: Broken Link
https://issues.rpath.com/browse/RPL-1424

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:11431

Source: SUSE
Type: SUSE-SA:2007:036
Mozilla security updates

Source: SUSE
Type: SUSE-SR:2007:006
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version >= 1.5 and < 1.5.0.11)
  • OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version >= 2.0 and < 2.0.0.3)

    • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.10:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.5.6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::es:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20071562
    V
    		CVE-2007-1562
    2015-11-16
    oval:org.mitre.oval:def:22347
    P
    		ELSA-2007:0400: firefox security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:11431
    V
    		The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
    2013-04-29
    oval:com.redhat.rhsa:def:20070400
    P
    		RHSA-2007:0400: firefox security update (Critical)
    2007-05-31
    oval:com.redhat.rhsa:def:20070402
    P
    		RHSA-2007:0402: seamonkey security update (Critical)
    2007-05-31
    BACK
    mozilla firefox *
    mozilla firefox *
    canonical ubuntu linux 6.06
    canonical ubuntu linux 5.10
    canonical ubuntu linux 6.10
    mozilla firefox 1.5 beta1
    mozilla firefox 2.0
    mozilla firefox 1.5
    mozilla firefox 1.5.0.2
    mozilla firefox 1.5.0.3
    mozilla firefox 1.5.0.4
    mozilla firefox 1.5.0.6
    mozilla firefox 1.5.0.7
    mozilla firefox 1.5.0.9
    mozilla firefox 2.0.0.1
    mozilla firefox 2.0.0.2
    mozilla firefox 2.0 beta1
    mozilla firefox 2.0 rc2
    mozilla firefox 2.0 rc3
    mozilla firefox 1.5.0.1
    mozilla firefox 1.5.0.10
    mozilla firefox 1.5.0.5
    mozilla firefox 1.5.0.8
    mozilla firefox 1.5 beta2
    opera opera browser 9.10
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell open enterprise server *
    redhat linux advanced workstation 2.1
    canonical ubuntu 6.06
    novell suse linux enterprise server 10 sp2
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    kde kde 3.5.6
    redhat enterprise linux desktop 5.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 4.5.z
    redhat enterprise linux 4.5.z
    novell open enterprise server *
    novell opensuse 10.2