CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.959 High
Percentile: 99.5%

Problem Description:
A malicious HTTP server could cause ftp(1) to execute
arbitrary commands.
Impact:
When operating on HTTP URIs, the ftp(1) client follows
HTTP redirects, and uses the part of the path after the
last ‘/’ from the last resource it accesses as the output
filename if ‘-o’ is not specified.
If the output file name provided by the server begins
with a pipe (‘|’), the output is passed to popen(3), which
might be used to execute arbitrary commands on the ftp(1)
client machine.
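
An added example, not taken from the advisory or from the ftp(1) source, showing one way to keep a server-chosen name away from popen(3): the name derived from the last redirect target is tagged as server-supplied and a leading ‘|’ is refused for it. The enum and function names are hypothetical, and allowing a pipe only for a name the user typed with ‘-o’ is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical tags: who chose the output name. */
enum name_source { NAME_FROM_USER, NAME_FROM_SERVER };
/* Hypothetical result: how the caller may open the output. */
enum out_kind { OUT_FILE, OUT_PIPE, OUT_REJECT };

/* The part of the path after the last '/', as the advisory describes. */
static const char *url_basename(const char *path)
{
    const char *slash = strrchr(path, '/');
    return slash ? slash + 1 : path;
}

/* A leading '|' selects the popen(3) path only when the user typed the name.
 * Empty names and "." / ".." are never usable as an output file. */
static enum out_kind classify_output(const char *name, enum name_source src)
{
    if (name == NULL || name[0] == '\0')
        return OUT_REJECT;
    if (name[0] == '|')
        return src == NAME_FROM_USER ? OUT_PIPE : OUT_REJECT;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return OUT_REJECT;
    return OUT_FILE;
}

/* Name taken from the final (possibly redirected) URL path: always untrusted. */
static enum out_kind classify_redirect_target(const char *url_path)
{
    return classify_output(url_basename(url_path), NAME_FROM_SERVER);
}

int main(void)
{
    /* Constructed sample paths, not from any real server. */
    const char *samples[] = { "/pub/file.tar.gz", "/dl/|constructed-command", "/dir/" };
    static const char *label[] = { "file", "pipe", "reject" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s -> %s\n", samples[i], label[classify_redirect_target(samples[i])]);
    return 0;
}
```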