CVE-2004-0448

Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.debian.org/security/2004/dsa-510	Patch Vendor Advisory
http://www.securityfocus.com/bid/10438	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16271

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:jftpgw:jftpgw:0.13:::::::*
	cpe:2.3:a:jftpgw:jftpgw:0.13.1:::::::*
	cpe:2.3:a:jftpgw:jftpgw:0.13.2:::::::*
	cpe:2.3:a:jftpgw:jftpgw:0.13.3:::::::*

History

No history.

Information

Published : 2004-12-06 05:00

Updated : 2024-02-04 16:31

NVD link : CVE-2004-0448

Mitre link : CVE-2004-0448

CVE.ORG link : CVE-2004-0448

JSON object : View

Products Affected

jftpgw

jftpgw

CWE

NVD-CWE-Other

{"id": "CVE-2004-0448", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-12-06T05:00:00.000", "references": [{"url": "http://www.debian.org/security/2004/dsa-510", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10438", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16271", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages."}, {"lang": "es", "value": "Vulnerabilidad de cadena de formato en la funci\u00f3n log de jftpgw 0.13.4 y anteriores permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante especificadores de cadena de formato en ciertos mensajes syslog."}], "lastModified": "2017-07-11T01:30:10.043", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jftpgw:jftpgw:0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FA3687A-AE55-49F0-A85C-1E0466B7286D"}, {"criteria": "cpe:2.3:a:jftpgw:jftpgw:0.13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18E189A2-D429-4701-A9AA-436906ACD80C"}, {"criteria": "cpe:2.3:a:jftpgw:jftpgw:0.13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AEB52F5-21E0-4064-8057-1264CF58C398"}, {"criteria": "cpe:2.3:a:jftpgw:jftpgw:0.13.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3BC57F8-C7B7-4C8E-85BA-8D6D8DDCD13E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}