Man-in-the-Middle (MitM) Affecting pyftpdlib package, versions [,0.2.0)


Severity

Recommended: 0.0 medium (on a scale of 0 to 10)

CVSS assessment made by Snyk's Security Team.

Threat Intelligence

EPSS
0.23% (62nd percentile)

  • Snyk ID: SNYK-PYTHON-PYFTPDLIB-42140
  • published: 4 Jun 2018
  • disclosed: 18 Jun 2007
  • credit: Unknown

Introduced: 18 Jun 2007

CVE-2007-6741
CWE-264

How to fix?

Upgrade pyftpdlib to version 0.2.0 or higher.

Overview

pyftpdlib is a Python FTP server library.

Affected versions of this package are vulnerable to Man-in-the-Middle (MitM) attacks. The library does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data.
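The check described above can be expressed as a validation of the RFC 959 `PORT` argument before the server opens an active-mode data connection. The following is an added example, not pyftpdlib's own code: the function names are hypothetical, `flawed_allows` is a simplified model of the behaviour the advisory describes, and the sample arguments are constructed.

```python
import ipaddress

def parse_port_arg(arg):
    """Parse an RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("malformed PORT argument")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range")
    ip = str(ipaddress.IPv4Address(".".join(map(str, nums[:4]))))
    return ip, nums[4] * 256 + nums[5]

def flawed_allows(arg, peer_ip):
    """Simplified model of the advisory: a matching IP passes on any port."""
    ip, _port = parse_port_arg(arg)
    return ip == peer_ip

def hardened_allows(arg, peer_ip):
    """Require the control-connection peer's IP and an unprivileged port."""
    try:
        ip, port = parse_port_arg(arg)
    except ValueError:
        return False  # reject anything that does not parse cleanly
    return ip == peer_ip and port >= 1024

def audit(samples, peer_ip):
    """Return (arg, flawed_result, hardened_result) for each sample."""
    return [(s, flawed_allows(s, peer_ip), hardened_allows(s, peer_ip))
            for s in samples]

# Constructed sample PORT arguments; 192.0.2.10 is the control-connection peer.
PEER = "192.0.2.10"
SAMPLES = [
    "192,0,2,10,195,80",    # peer IP, port 50000: legitimate active mode
    "192,0,2,10,0,22",      # peer IP, port 22: privileged port
    "198,51,100,7,195,80",  # different host: classic bounce target
]

if __name__ == "__main__":
    for arg, flawed, hardened in audit(SAMPLES, PEER):
        print(f"{arg:22} flawed={flawed!s:5} hardened={hardened}")
```

A server would answer a rejected `PORT` with an error reply and leave the data connection unopened; the peer address must come from the control socket, never from the command itself.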

CVSS Scores

version 3.1