CVE-2008-4247

FreeBSD - CSRF

Description

ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Maksymilian Arciemowicz · text · remote · unix
https://www.exploit-db.com/exploits/32399

References (15)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021112
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020946
Third Party Advisory third-party-advisory x_refsource_sreasonres
http://securityreason.com/achievement_securityalert/56
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33341
Various Sources x_refsource_misc
http://bugs.proftpd.org/show_bug.cgi?id=3115
Vendor Advisory vendor-advisory x_refsource_netbsd
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-014.txt.asc
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32068
Various Sources vendor-advisory x_refsource_freebsd
http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32070
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4313

Scores

EPSS 0.1261
EPSS Percentile 94.0%

Details

CWE
CWE-352
Status published
Products (3)
freebsd/freebsd 7.0
netbsd/netbsd 4.0
openbsd/openbsd 4.3
Published Sep 25, 2008
Tracked Since Feb 18, 2026