Vulnerability Details CVE-2008-7263
ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://code.google.com/p/pyftpdlib/issues/detail?id=73
- http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
- http://code.google.com/p/pyftpdlib/source/detail?r=348
- http://code.google.com/p/pyftpdlib/source/diff?spec=svn348&r=348&format=side&path=/trunk/pyftpdlib/ftpserver.py
- http://code.google.com/p/pyftpdlib/issues/detail?id=73
- http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
- http://code.google.com/p/pyftpdlib/source/detail?r=348
- http://code.google.com/p/pyftpdlib/source/diff?spec=svn348&r=348&format=side&path=/trunk/pyftpdlib/ftpserver.py
Products affected by CVE-2008-7263
-
cpe:2.3:a:g.rodola:pyftpdlib:*
-
cpe:2.3:a:g.rodola:pyftpdlib:0.1
-
cpe:2.3:a:g.rodola:pyftpdlib:0.1.1
-
cpe:2.3:a:g.rodola:pyftpdlib:0.2.0
-
cpe:2.3:a:g.rodola:pyftpdlib:0.3.0