CVE-2007-1562
CVE-2007-1562
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/29768unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdfhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742https://bugzilla.mozilla.org/show_bug.cgi?id=370559http://secunia.com/advisories/25476http://secunia.com/advisories/25490http://secunia.com/advisories/25858https://exchange.xforce.ibmcloud.com/vulnerabilities/33119https://issues.rpath.com/browse/RPL-1157https://issues.rpath.com/browse/RPL-1424https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11431http://www.mozilla.org/security/announce/2007/mfsa2007-11.htmlhttp://www.novell.com/linux/security/advisories/2007_36_mozilla.html