Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
668
VMScore

CVE-2019-12815

Published: 19/07/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Proftpd

Vulnerability Summary

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

proftpd proftpd

fedoraproject fedora 29

fedoraproject fedora 30

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

siemens simatic_cp_1543-1_firmware

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2019-12815
Debian Bug report logs - #932453 CVE-2019-12815 Package: src:proftpd-dfsg; Maintainer for src:proftpd-dfsg is ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-listsdebiannet>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 19 Jul 2019 15:45:02 UTC Severity: important Tags: security, upstream ...
Debian Security Advisories: DSA-4491-1 proftpd-dfsg -- security update
Tobias Maedel discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands For the oldstable distribution (stretch), this problem has been fixed in version 135b-4+deb9u1 For the stable distribution (buster), this problem has been fixed in version 136-4+deb10u1 W ...

Github Repositories

https://github.com/KTN1990/CVE-2019-12815

ProFTPd mod_copy - arbitrary file copy without authentication

CVE-2019-12815 ProFTPd mod_copy - arbitrary file copy without authentication mass scanner

https://github.com/Lactea98/URL-crawler

URL crawler

URL crawler # Function 사용자가 입력한 URL에 요청을 보내어 URL 만 파싱하여 결과를 html로 출력합니다 개발 목적은 취약한 URL 이 있는지 분석을 위해 개발 되었습니다 # Used module 사용된 모듈은 아래와 같습니다 requests bs4 argparse fake_useragent json urlparse # How to use

References

CWE-755https://tbspace.de/cve201912815proftpd.htmlhttp://bugs.proftpd.org/show_bug.cgi?id=4372https://github.com/proftpd/proftpd/pull/816http://www.securityfocus.com/bid/109339https://seclists.org/bugtraq/2019/Aug/3https://www.debian.org/security/2019/dsa-4491https://lists.debian.org/debian-lts-announce/2019/08/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.htmlhttps://security.gentoo.org/glsa/201908-16http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdfhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XM5FPBAGSIKV6YJZEPM6GPGJO5JFT7XU/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJDQ3XUYWO42TJBO53NUWDZRA35QMVEI/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932453https://nvd.nist.govhttps://github.com/KTN1990/CVE-2019-12815https://www.debian.org/security/2019/dsa-4491
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook