Vulnerability CVE-2019-12815

Vulnerability Name:

CVE-2019-12815 (CCN-164769)

Assigned:

2019-07-19

Published:

2019-07-19

Updated:

2023-03-01

Summary:

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Gain Access

References:

Source: cve@mitre.org
Type: Exploit, Issue Tracking, Patch, Vendor Advisory
cve@mitre.org

Source: MITRE
Type: CNA
CVE-2019-12815

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: cve@mitre.org
Type: Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
proftpd-cve201912815-code-exec(164769)

Source: CCN
Type: proftpd GIT Repository
Bug #4372: Ensure that mod_copy checks for for its SITE CPFR #816

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: CCN
Type: BugTraq Mailing List, Sun, 4 Aug 2019 18:42:50 +0000
[SECURITY] [DSA 4491-1] proftpd-dfsg security update

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:proftpd:proftpd:1.3.5b:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201912815	V	CVE-2019-12815	2022-06-30
oval:org.opensuse.security:def:113176	P	proftpd-1.3.6e-1.10 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:74757	P	Security update for go1.17 (Moderate)	2021-12-23
oval:org.opensuse.security:def:93432	P	(Moderate)	2021-12-06
oval:org.opensuse.security:def:106598	P	proftpd-1.3.6e-1.10 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:63192	P	apache2-2.4.33-3.15.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:64570	P	Security update for java-11-openjdk (Important)	2021-09-03
oval:org.opensuse.security:def:74307	P	Security update for ffmpeg (Important)	2021-09-02
oval:org.opensuse.security:def:93576	P	(Moderate)	2021-08-23
oval:org.opensuse.security:def:63418	P	tomcat-9.0.36-3.24.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63461	P	vpx-tools-1.6.1-6.6.8 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62762	P	imlib2-loaders-1.4.10-1.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62755	P	gstreamer-plugins-bad-1.16.2-7.22 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62759	P	hplip-3.20.11-2.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62787	P	libgypsy-devel-0.9-2.30 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62852	P	dpkg-1.19.0.4-2.30 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:100289	P	(Moderate)	2021-06-04
oval:org.opensuse.security:def:64512	P	Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly (Important)	2021-06-01
oval:org.opensuse.security:def:64682	P	Security update for avahi (Moderate)	2021-05-04
oval:org.opensuse.security:def:74624	P	Security update for spamassassin (Important)	2021-04-13
oval:org.opensuse.security:def:63258	P	dhcp-relay-4.3.5-6.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62373	P	podman-1.0.1-2.20 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63608	P	argyllcms-1.9.2-2.27 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62573	P	libpango-1_0-0-32bit-1.40.14-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62372	P	docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.15.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63054	P	libnss_slurm2-20.02.3-1.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62965	P	log4j12-javadoc-1.2.17-2.26 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62396	P	bluez-5.48-3.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63745	P	Security update for libsolv, libzypp, zypper (Moderate)	2020-12-01
oval:org.opensuse.security:def:64241	P	dracut on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64303	P	libXfont2-2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64166	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:63985	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:64129	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:63879	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:74181	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:64410	P	libykcs11-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63837	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:64302	P	libXfont-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64087	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:110419	P	Security update for proftpd (Moderate)	2020-01-13
oval:org.opensuse.security:def:100145	P	Security update for proftpd (Important)	2019-08-14
oval:org.opensuse.security:def:109931	P	Security update for proftpd (Important)	2019-08-08
oval:com.ubuntu.bionic:def:2019128150000000	V	CVE-2019-12815 on Ubuntu 18.04 LTS (bionic) - medium.	2019-07-19
oval:com.ubuntu.xenial:def:2019128150000000	V	CVE-2019-12815 on Ubuntu 16.04 LTS (xenial) - medium.	2019-07-19
oval:com.ubuntu.disco:def:2019128150000000	V	CVE-2019-12815 on Ubuntu 19.04 (disco) - untriaged.	2019-07-19

BACK