Back to search
CVE-2008-4242
Published: Sep 25, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
31289
vdb-entry
x_refsource_BID
20080926 multiple vendor ftpd - Cross-site request forgery
third-party-advisory
x_refsource_SREASONRES
MDVSA-2009:061
vendor-advisory
x_refsource_MANDRIVA
1020945
vdb-entry
x_refsource_SECTRACK
31930
third-party-advisory
x_refsource_SECUNIA
FEDORA-2009-0195
vendor-advisory
x_refsource_FEDORA
33261
third-party-advisory
x_refsource_SECUNIA
33413
third-party-advisory
x_refsource_SECUNIA
4313
third-party-advisory
x_refsource_SREASON
FEDORA-2009-0064
vendor-advisory
x_refsource_FEDORA
DSA-1689
vendor-advisory
x_refsource_DEBIAN
proftpd-url-csrf(45274)
vdb-entry
x_refsource_XF
http://bugs.proftpd.org/show_bug.cgi?id=3115
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now