7.5

CVE-2008-5124

JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JscapeSecure Ftp Applet Version <= 4.8.0
JscapeSecure Ftp Applet Version1.1
JscapeSecure Ftp Applet Version1.2
JscapeSecure Ftp Applet Version1.3
JscapeSecure Ftp Applet Version1.4
JscapeSecure Ftp Applet Version1.5
JscapeSecure Ftp Applet Version1.6
JscapeSecure Ftp Applet Version2.0
JscapeSecure Ftp Applet Version2.1
JscapeSecure Ftp Applet Version2.5
JscapeSecure Ftp Applet Version2.6
JscapeSecure Ftp Applet Version3.0
JscapeSecure Ftp Applet Version3.0.1
JscapeSecure Ftp Applet Version3.0.2
JscapeSecure Ftp Applet Version3.0.3
JscapeSecure Ftp Applet Version3.0.4
JscapeSecure Ftp Applet Version4.0
JscapeSecure Ftp Applet Version4.2.0
JscapeSecure Ftp Applet Version4.3.0
JscapeSecure Ftp Applet Version4.4.0
JscapeSecure Ftp Applet Version4.5.0
JscapeSecure Ftp Applet Version4.6.0
JscapeSecure Ftp Applet Version4.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.87% 0.766
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/30822
Vendor Advisory
http://securityreason.com/securityalert/4606
http://www.jscape.com/sftpapplet/docs/HTML/index.html?introhistory.html
http://www.securityfocus.com/archive/1/493569/100/0/threaded
http://www.securityfocus.com/archive/1/493652/100/0/threaded
http://www.securityfocus.com/bid/29882
http://www.securitytracker.com/id?1020346
http://www.vupen.com/english/advisories/2008/1919/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43300