Vulnerability Details CVE-2008-5124
JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/30822
- http://securityreason.com/securityalert/4606
- http://www.jscape.com/sftpapplet/docs/HTML/index.html?introhistory.html
- http://www.securityfocus.com/archive/1/493569/100/0/threaded
- http://www.securityfocus.com/archive/1/493652/100/0/threaded
- http://www.securityfocus.com/bid/29882
- http://www.securitytracker.com/id?1020346
- http://www.vupen.com/english/advisories/2008/1919/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43300
- http://secunia.com/advisories/30822
- http://securityreason.com/securityalert/4606
- http://www.jscape.com/sftpapplet/docs/HTML/index.html?introhistory.html
- http://www.securityfocus.com/archive/1/493569/100/0/threaded
- http://www.securityfocus.com/archive/1/493652/100/0/threaded
- http://www.securityfocus.com/bid/29882
- http://www.securitytracker.com/id?1020346
- http://www.vupen.com/english/advisories/2008/1919/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43300
Products affected by CVE-2008-5124
-
cpe:2.3:a:jscape:secure_ftp_applet:*
-
cpe:2.3:a:jscape:secure_ftp_applet:1.1
-
cpe:2.3:a:jscape:secure_ftp_applet:1.2
-
cpe:2.3:a:jscape:secure_ftp_applet:1.3
-
cpe:2.3:a:jscape:secure_ftp_applet:1.4
-
cpe:2.3:a:jscape:secure_ftp_applet:1.5
-
cpe:2.3:a:jscape:secure_ftp_applet:1.6
-
cpe:2.3:a:jscape:secure_ftp_applet:2.0
-
cpe:2.3:a:jscape:secure_ftp_applet:2.1
-
cpe:2.3:a:jscape:secure_ftp_applet:2.5
-
cpe:2.3:a:jscape:secure_ftp_applet:2.6
-
cpe:2.3:a:jscape:secure_ftp_applet:3.0
-
cpe:2.3:a:jscape:secure_ftp_applet:3.0.1
-
cpe:2.3:a:jscape:secure_ftp_applet:3.0.2
-
cpe:2.3:a:jscape:secure_ftp_applet:3.0.3
-
cpe:2.3:a:jscape:secure_ftp_applet:3.0.4
-
cpe:2.3:a:jscape:secure_ftp_applet:4.0
-
cpe:2.3:a:jscape:secure_ftp_applet:4.2.0
-
cpe:2.3:a:jscape:secure_ftp_applet:4.3.0
-
cpe:2.3:a:jscape:secure_ftp_applet:4.4.0
-
cpe:2.3:a:jscape:secure_ftp_applet:4.5.0
-
cpe:2.3:a:jscape:secure_ftp_applet:4.6.0
-
cpe:2.3:a:jscape:secure_ftp_applet:4.7