7.5

CVE-2002-0714

FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SquidSquid Version <= 2.4.stable6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.75% 0.843
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.squid-cache.org/Versions/v2/2.4/bugs/
Patch
http://rhn.redhat.com/errata/RHSA-2002-051.html
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt
http://marc.info/?l=bugtraq&m=102674543407606&w=2
http://rhn.redhat.com/errata/RHSA-2002-130.html
Patch
Vendor Advisory
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php
Patch
http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
Patch
Vendor Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000506
http://www.iss.net/security_center/static/9479.php
http://www.osvdb.org/5924
http://www.securityfocus.com/bid/5158