CVE-2008-7263

EPSS 0.65%
Veröffentlicht 19.10.2010 20:00:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

G.Rodola ≫ Pyftpdlib Version <= 0.4.0

G.Rodola ≫ Pyftpdlib Version0.1

G.Rodola ≫ Pyftpdlib Version0.1.1

G.Rodola ≫ Pyftpdlib Version0.2.0

G.Rodola ≫ Pyftpdlib Version0.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.65%	0.698

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY

http://code.google.com/p/pyftpdlib/issues/detail?id=73

http://code.google.com/p/pyftpdlib/source/detail?r=348

http://code.google.com/p/pyftpdlib/source/diff?spec=svn348&r=348&format=side&path=/trunk/pyftpdlib/ftpserver.py

https://nvd.nist.gov/vuln/detail/CVE-2008-7263

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-7263

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-7263

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2008-7263