CVE-2008-4247

NONECVSS 0.0

0.0

ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

🔗 References (30)

cve@mitreftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-014.txt.asc
cve@mitrehttp://bugs.proftpd.org/show_bug.cgi?id=3115
cve@mitrehttp://secunia.com/advisories/32068
cve@mitrehttp://secunia.com/advisories/32070
cve@mitrehttp://secunia.com/advisories/33341
cve@mitrehttp://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc
cve@mitrehttp://securityreason.com/achievement_securityalert/56
cve@mitrehttp://securityreason.com/securityalert/4313
cve@mitrehttp://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y
cve@mitrehttp://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51&r2=1.52&f=h
cve@mitrehttp://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c
cve@mitrehttp://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183&r2=1.184&f=h
cve@mitrehttp://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
cve@mitrehttp://www.securitytracker.com/id?1020946
cve@mitrehttp://www.securitytracker.com/id?1021112

Is Your Infrastructure Affected by CVE-2008-4247?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-4247

📅 Published

🔄 Last Modified

🔗 References (30)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-4247?