CVE-2002-0714
EPSS 0.17%
Description
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.
How to fix CVE-2002-0714
To remediate CVE-2002-0714, upgrade the affected package to the fixed version listed below.
- Debian/squid—upgrade to 2.4.6 or later
Is CVE-2002-0714 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/squid: from 0, < 2.4.6