Lucene search

MitreCVE-2008-5124

HistoryNov 18, 2008 - 12:30 a.m.

CVE-2008-5124

2008-11-1800:30:00

CWE-287

mitre

web.nvd.nist.gov

cve-2008-5124

jscape

secure ftp

applet

ssh

host key

man-in-the-middle

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.01

Percentile

83.3%

JSON

JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks.

Affected configurations

Nvd

Node

jscapesecure_ftp_appletRange≤4.8.0

jscapesecure_ftp_appletMatch1.1

jscapesecure_ftp_appletMatch1.2

jscapesecure_ftp_appletMatch1.3

jscapesecure_ftp_appletMatch1.4

jscapesecure_ftp_appletMatch1.5

jscapesecure_ftp_appletMatch1.6

jscapesecure_ftp_appletMatch2.0

jscapesecure_ftp_appletMatch2.1

jscapesecure_ftp_appletMatch2.5

jscapesecure_ftp_appletMatch2.6

jscapesecure_ftp_appletMatch3.0

jscapesecure_ftp_appletMatch3.0.1

jscapesecure_ftp_appletMatch3.0.2

jscapesecure_ftp_appletMatch3.0.3

jscapesecure_ftp_appletMatch3.0.4

jscapesecure_ftp_appletMatch4.0

jscapesecure_ftp_appletMatch4.2.0

jscapesecure_ftp_appletMatch4.3.0

jscapesecure_ftp_appletMatch4.4.0

jscapesecure_ftp_appletMatch4.5.0

jscapesecure_ftp_appletMatch4.6.0

jscapesecure_ftp_appletMatch4.7

VendorProductVersionCPE
jscapesecure_ftp_applet*cpe:2.3:a:jscape:secure_ftp_applet:*:*:*:*:*:*:*:*
jscapesecure_ftp_applet1.1cpe:2.3:a:jscape:secure_ftp_applet:1.1:*:*:*:*:*:*:*
jscapesecure_ftp_applet1.2cpe:2.3:a:jscape:secure_ftp_applet:1.2:*:*:*:*:*:*:*
jscapesecure_ftp_applet1.3cpe:2.3:a:jscape:secure_ftp_applet:1.3:*:*:*:*:*:*:*
jscapesecure_ftp_applet1.4cpe:2.3:a:jscape:secure_ftp_applet:1.4:*:*:*:*:*:*:*
jscapesecure_ftp_applet1.5cpe:2.3:a:jscape:secure_ftp_applet:1.5:*:*:*:*:*:*:*
jscapesecure_ftp_applet1.6cpe:2.3:a:jscape:secure_ftp_applet:1.6:*:*:*:*:*:*:*
jscapesecure_ftp_applet2.0cpe:2.3:a:jscape:secure_ftp_applet:2.0:*:*:*:*:*:*:*
jscapesecure_ftp_applet2.1cpe:2.3:a:jscape:secure_ftp_applet:2.1:*:*:*:*:*:*:*
jscapesecure_ftp_applet2.5cpe:2.3:a:jscape:secure_ftp_applet:2.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jscape	secure_ftp_applet	*	cpe:2.3:a:jscape:secure_ftp_applet::::::::
jscape	secure_ftp_applet	1.1	cpe:2.3:a:jscape:secure_ftp_applet:1.1:::::::*
jscape	secure_ftp_applet	1.2	cpe:2.3:a:jscape:secure_ftp_applet:1.2:::::::*
jscape	secure_ftp_applet	1.3	cpe:2.3:a:jscape:secure_ftp_applet:1.3:::::::*
jscape	secure_ftp_applet	1.4	cpe:2.3:a:jscape:secure_ftp_applet:1.4:::::::*
jscape	secure_ftp_applet	1.5	cpe:2.3:a:jscape:secure_ftp_applet:1.5:::::::*
jscape	secure_ftp_applet	1.6	cpe:2.3:a:jscape:secure_ftp_applet:1.6:::::::*
jscape	secure_ftp_applet	2.0	cpe:2.3:a:jscape:secure_ftp_applet:2.0:::::::*
jscape	secure_ftp_applet	2.1	cpe:2.3:a:jscape:secure_ftp_applet:2.1:::::::*
jscape	secure_ftp_applet	2.5	cpe:2.3:a:jscape:secure_ftp_applet:2.5:::::::*

Rows per page:

1-10 of 231

References

secunia.com/advisories/30822

securityreason.com/securityalert/4606

www.jscape.com/sftpapplet/docs/HTML/index.html?introhistory.html

www.securityfocus.com/archive/1/493569/100/0/threaded

www.securityfocus.com/archive/1/493652/100/0/threaded

www.securityfocus.com/bid/29882

www.securitytracker.com/id?1020346

www.vupen.com/english/advisories/2008/1919/references

exchange.xforce.ibmcloud.com/vulnerabilities/43300

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.01

Percentile

83.3%

JSON

Related for CVE-2008-5124