6.8

CVE-2007-1562

EPSS 29.04%
Published 21.03.2007 19:19:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

Affected products Warnungen 0 Metrics 2 CWE 1 References 24

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version >= 1.5 < 1.5.0.11

Mozilla ≫ Firefox Version >= 2.0 < 2.0.0.3

Canonical ≫ Ubuntu Linux Version5.10

Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts

Canonical ≫ Ubuntu Linux Version6.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	29.04%	0.964

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Broken Link

http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf

Broken Link

http://secunia.com/advisories/25476

Third Party Advisory

http://secunia.com/advisories/25490

Third Party Advisory

http://secunia.com/advisories/25858

Third Party Advisory

http://www.mozilla.org/security/announce/2007/mfsa2007-11.html

Vendor Advisory

http://www.novell.com/linux/security/advisories/2007_36_mozilla.html

Broken Link

http://www.openwall.com/lists/oss-security/2020/12/09/1

http://www.redhat.com/support/errata/RHSA-2007-0400.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0402.html

Third Party Advisory

http://www.securityfocus.com/archive/1/463501/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/archive/1/470172/100/200/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/23082

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id?1017800

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/usn-443-1

Third Party Advisory

http://www.vupen.com/english/advisories/2007/1034

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=370559

Vendor Advisory

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/33119

Third Party Advisory

VDB Entry

https://issues.rpath.com/browse/RPL-1157

Broken Link

https://issues.rpath.com/browse/RPL-1424

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11431

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2007-1562

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1562

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1562

EUVD