CVE-2007-1564 : The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to forc

The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

Published 2007-03-21 19:19:00

Updated 2017-10-11 01:31:54

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2007-1564

KDE » Konqueror » Version: 3.5.5
cpe:2.3:a:kde:konqueror:3.5.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-1564

EPSS FAQ

4.15%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 92 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-1564

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2007-1564

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2007-1564

Red Hat 2007-03-23

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233592 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/

References for CVE-2007-1564

Jump to