Cross site request forgery (csrf)

2009-08-2114:30:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.7%

JSON

tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link to a tnftpd server.

CPENameOperatorVersion
tnftpdeq20061217
tnftpdeq20040810
tnftpdeq20080609

Name	Operator	Version
tnftpd	eq	20061217
tnftpd	eq	20040810
tnftpd	eq	20080609

References

freshmeat.net/projects/tnftpd/?branch_id=14355&release_id=285654

osvdb.org/48637

secunia.com/advisories/31958

exchange.xforce.ibmcloud.com/vulnerabilities/45534