← voltar
CVE-2016-9499

The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to cross-site scripting.

EPSS 7.8%CWE-204
Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.
Produtos afetados
Accellion · FTP Server

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.kb.cert.org/vuls/id/745607https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdfhttps://www.securityfocus.com/bid/96154