CVE-2007-1563
Opera 9.x - FTP PASV Port-Scanning
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
La implementación del protocolo FTP en Opera versión 9.10, aprueba que atacantes remotos permitan a servidores remotos forzar al cliente a conectarse a otros servidores, realizar un análisis de puerto apoderado u obtener información confidencial especificando una dirección de servidor alternativa en una respuesta PASV FTP.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-03-21 CVE Reserved
- 2007-03-21 CVE Published
- 2007-03-21 First Exploit
- 2024-06-24 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf | X_refsource_misc | |
| http://www.securityfocus.com/bid/23089 | Vdb Entry | |
| http://www.securitytracker.com/id?1017802 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/29769 | 2007-03-21 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/25027 | 2011-07-08 | |
| http://www.novell.com/linux/security/advisories/2007_28_opera.html | 2011-07-08 | |
| http://www.vupen.com/english/advisories/2007/1075 | 2011-07-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Opera Search vendor "Opera" | Opera Browser Search vendor "Opera" for product "Opera Browser" | 9.10 Search vendor "Opera" for product "Opera Browser" and version "9.10" | - |
Affected
| ||||||