CVE-2011-1409 — fex - authentication bypass

Description

Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID.

How to fix CVE-2011-1409

To remediate CVE-2011-1409, upgrade the affected package to a fixed version below.

Debian/fex—upgrade to 20110610-1 or later
Debian/fex—upgrade to 20100208+debian1-1+squeeze1 or later

Is CVE-2011-1409 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 20110610-1
from 0, < 20100208+debian1-1+squeeze1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-1409