CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
83.3%
JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks.
Vendor | Product | Version | CPE |
---|---|---|---|
jscape | secure_ftp_applet | * | cpe:2.3:a:jscape:secure_ftp_applet:*:*:*:*:*:*:*:* |
jscape | secure_ftp_applet | 1.1 | cpe:2.3:a:jscape:secure_ftp_applet:1.1:*:*:*:*:*:*:* |
jscape | secure_ftp_applet | 1.2 | cpe:2.3:a:jscape:secure_ftp_applet:1.2:*:*:*:*:*:*:* |
jscape | secure_ftp_applet | 1.3 | cpe:2.3:a:jscape:secure_ftp_applet:1.3:*:*:*:*:*:*:* |
jscape | secure_ftp_applet | 1.4 | cpe:2.3:a:jscape:secure_ftp_applet:1.4:*:*:*:*:*:*:* |
jscape | secure_ftp_applet | 1.5 | cpe:2.3:a:jscape:secure_ftp_applet:1.5:*:*:*:*:*:*:* |
jscape | secure_ftp_applet | 1.6 | cpe:2.3:a:jscape:secure_ftp_applet:1.6:*:*:*:*:*:*:* |
jscape | secure_ftp_applet | 2.0 | cpe:2.3:a:jscape:secure_ftp_applet:2.0:*:*:*:*:*:*:* |
jscape | secure_ftp_applet | 2.1 | cpe:2.3:a:jscape:secure_ftp_applet:2.1:*:*:*:*:*:*:* |
jscape | secure_ftp_applet | 2.5 | cpe:2.3:a:jscape:secure_ftp_applet:2.5:*:*:*:*:*:*:* |
secunia.com/advisories/30822
securityreason.com/securityalert/4606
www.jscape.com/sftpapplet/docs/HTML/index.html?introhistory.html
www.securityfocus.com/archive/1/493569/100/0/threaded
www.securityfocus.com/archive/1/493652/100/0/threaded
www.securityfocus.com/bid/29882
www.securitytracker.com/id?1020346
www.vupen.com/english/advisories/2008/1919/references
exchange.xforce.ibmcloud.com/vulnerabilities/43300