← volver
CVE-2016-9499

The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to cross-site scripting.

EPSS 7.8%CWE-204
Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.
Productos afectados
Accellion · FTP Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.kb.cert.org/vuls/id/745607https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdfhttps://www.securityfocus.com/bid/96154