CVE-2008-4247

2008-09-2519:25:18

CWE-352

mitre

web.nvd.nist.gov

cve-2008-4247

ftp

openbsd

freebsd

netbsd

solaris

csrf

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.085

Percentile

94.5%

JSON

ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

Affected configurations

Nvd

Node

freebsdfreebsdMatch7.0

netbsdnetbsdMatch4.0

openbsdopenbsdMatch4.3

VendorProductVersionCPE
freebsdfreebsd7.0cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:*
netbsdnetbsd4.0cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:*
openbsdopenbsd4.3cpe:2.3:o:openbsd:openbsd:4.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
freebsd	freebsd	7.0	cpe:2.3:o:freebsd:freebsd:7.0:::::::*
netbsd	netbsd	4.0	cpe:2.3:o:netbsd:netbsd:4.0:::::::*
openbsd	openbsd	4.3	cpe:2.3:o:openbsd:openbsd:4.3:::::::*