Vulnerability in Pureftpd Pure-ftpd
CVE-2017-12170
Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to a packaging error, due to which the original configuration was ignored after an update and the service started running with the default configuration. This has security impl…
EPSS: 0.003 (56.0th percentile)
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Pureftpd Pure-ftpd — versions 1.0.46-1
- Red Hat, Inc. Pure-ftpd — versions Fedora downstream version pure-ftpd-1.0.46-1
- Fedoraproject Fedora — versions 26, 27
References
- secalert@redhat.com (x_refsource_CONFIRM, VDB Entry, Issue Tracking, Tool Signature)
Frequently asked questions
- What is CVE-2017-12170?
- CVE-2017-12170 is a critical-severity vulnerability in Pureftpd Pure-ftpd. CVSS score: 9.8/10. Published 2017-09-21.
- How severe is CVE-2017-12170?
- Critical severity. CVSS v3 base score is 9.8 out of 10.