CVE-2016-9499
MEDIUM
Accellion FTP Server < FTA_9_12_220 - Username Enumeration via Invalid Login Response
Title source: llm
Description
Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.
References (3)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
https://www.securityfocus.com/bid/96154
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/745607
Scores
CVSS v3
5.3
EPSS
0.0777
EPSS Percentile
93.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-204
CWE-200
Status
published
Products (1)
accellion/ftp_server
< fta_9_12_220
Published
Jul 13, 2018
Tracked Since
Feb 18, 2026