CVE-2001-1500

ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450
http://www.mandriva.com/security/advisories?name=MDKSA-2002:005
http://www.securityfocus.com/archive/1/212805
http://www.securityfocus.com/bid/3310	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/7126
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450
http://www.mandriva.com/security/advisories?name=MDKSA-2002:005
http://www.securityfocus.com/archive/1/212805
http://www.securityfocus.com/bid/3310	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/7126

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:proftpd_project:proftpd:1.2:::::::*
	cpe:2.3:a:proftpd_project:proftpd:1.2.0_rc3:::::::*
	cpe:2.3:a:proftpd_project:proftpd:1.2.1:::::::*
	cpe:2.3:a:proftpd_project:proftpd:1.2.2:::::::*
	cpe:2.3:a:proftpd_project:proftpd:1.2.2_rc1:::::::*
	cpe:2.3:a:proftpd_project:proftpd:1.2.2_rc2:::::::*
	cpe:2.3:a:proftpd_project:proftpd:1.2_pre1:::::::*
	cpe:2.3:a:proftpd_project:proftpd:1.2_pre2:::::::*
	cpe:2.3:a:proftpd_project:proftpd:1.2_pre3:::::::*
	cpe:2.3:a:proftpd_project:proftpd:1.2_pre4:::::::*
	cpe:2.3:a:proftpd_project:proftpd:1.2_pre5:::::::*
	cpe:2.3:a:proftpd_project:proftpd:1.2_pre6:::::::*
	cpe:2.3:a:proftpd_project:proftpd:1.2_pre7:::::::*
	cpe:2.3:a:proftpd_project:proftpd:1.2_pre8:::::::*
	cpe:2.3:a:proftpd_project:proftpd:1.2_pre9:::::::*
	cpe:2.3:a:proftpd_project:proftpd:1.2_pre10:::::::*
	cpe:2.3:a:proftpd_project:proftpd:1.2_pre11:::::::*

History

20 Nov 2024, 23:37

Type	Values Removed	Values Added
References	~~() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450 -~~	() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450 -
References	~~() http://www.mandriva.com/security/advisories?name=MDKSA-2002:005 -~~	() http://www.mandriva.com/security/advisories?name=MDKSA-2002:005 -
References	~~() http://www.securityfocus.com/archive/1/212805 -~~	() http://www.securityfocus.com/archive/1/212805 -
References	~~() http://www.securityfocus.com/bid/3310 - Patch~~	() http://www.securityfocus.com/bid/3310 - Patch
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/7126 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/7126 -

Information

Published : 2001-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2001-1500

Mitre link : CVE-2001-1500

CVE.ORG link : CVE-2001-1500

JSON object : View

Products Affected

proftpd_project

proftpd

CWE

NVD-CWE-Other

{"id": "CVE-2001-1500", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2001-12-31T05:00:00.000", "references": [{"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:005", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/212805", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3310", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7126", "source": "cve@mitre.org"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:005", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/212805", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/3310", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7126", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE2243B4-8E0C-46BC-A003-EF52C30A030E"}, {"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.0_rc3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33E7C8D7-5F57-4B49-B404-DB4DAE273926"}, {"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8BBF8B2-02E6-4A53-A5FC-DA8D39171753"}, {"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9280692-0AB9-4C1F-804C-CB088E5E4483"}, {"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.2_rc1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F108D73C-1107-41DE-9DDB-505ABAF6E34D"}, {"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.2_rc2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD7D3BDE-2200-4A5A-B149-DF4D52145A04"}, {"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE1015CB-9A33-48D5-861A-A1FC0D8D0FA6"}, {"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66C825FE-91EC-43A2-9EEA-65A31DF46570"}, {"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C563389-39DB-45BA-9C84-DD6837900440"}, {"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2ABE74B-3D17-45D9-A87A-CE562DDB4454"}, {"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9166C42C-340D-4E7E-915C-BC2E4A373ACE"}, {"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25C586B4-670E-448B-8DFD-EE08F530BC3D"}, {"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9AED91C-8428-40F0-9E47-FF3FE7CAB067"}, {"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "114C3C5D-B227-4DE7-8485-1AE4B5E5E232"}, {"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0825C72A-DF19-44E4-9DCF-7F7047C1C582"}, {"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB8D658A-726D-4CB2-A07B-287A8EB3CB9A"}, {"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3ED09E8-2852-464B-9721-340F8F8C3B2E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10