CVE-2007-6738

{"id": "CVE-2007-6738", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-10-19T20:00:01.923", "references": [{"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command."}, {"lang": "es", "value": "pyftpdlib anterior a v0.1.1 no elige un valor aleatorio para el puerto asociado con el comando PASV, lo que hace que sea m\u00e1s f\u00e1cil para atacantes remotos obtener informaci\u00f3n sensible sobre el n\u00famero de conexiones en curso de datos mediante la lectura de la respuesta a este comando."}], "lastModified": "2010-10-20T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEEB68EB-94B6-48DE-80DD-D68AA801E54C", "versionEndIncluding": "0.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}