First published: Fri Aug 21 2009(Updated: )
tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link to a tnftpd server.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Luke Mewburn Tnftpd | =20061217 | |
Luke Mewburn Tnftpd | =20040810 | |
Luke Mewburn Tnftpd | =20080609 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.