Back to search
CVE-2010-0962
Published: Mar 10, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
apple-ftpproxy-security-bypass(56701)
vdb-entry
x_refsource_XF
20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass
mailing-list
x_refsource_BUGTRAQ
38543
vdb-entry
x_refsource_BID
20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass
mailing-list
x_refsource_FULLDISC
20100309 Re: Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now