CVE-2008-4242
proftpd-dfsg - Cross-Site Request Forgery
EPSS 3.4%
Description
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
How to fix CVE-2008-4242
To remediate CVE-2008-4242, upgrade the affected package to a fixed version below.
- Debian/proftpd-dfsg—upgrade to 1.3.1-15 or later
- Debian/proftpd-dfsg—upgrade to 1.3.0-19etch2 or later
Is CVE-2008-4242 being exploited?
Low — EPSS is 3.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.3.1-15
- from 0, < 1.3.0-19etch2