CVE-2021-37533

Published: 03/12/2022 Updated: 10/01/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See issues.apache.org/jira/browse/NET-711.
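The check that 3.9.0 makes the default, shown as an added Python example (this is not Commons Net's own code): parse a 227 PASV reply and, unless the caller explicitly opts in, open the data channel to the host the control connection is already talking to rather than the host the server advertises. The reply strings, hosts and function names are constructed for the example.

```python
import ipaddress
import re
from typing import NamedTuple, Tuple

# Constructed sample 227 replies (not captured from a real server).
HONEST_REPLY = "227 Entering Passive Mode (203,0,113,10,195,80)"
REDIRECT_REPLY = "227 Entering Passive Mode (10,0,0,5,0,21)"

_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


class DataEndpoint(NamedTuple):
    host: str              # host the data connection will actually go to
    port: int
    advertised_host: str   # host the server put in the PASV reply
    overridden: bool       # True when advertised_host was ignored
    advertised_private: bool  # advertised host is in a private/reserved range


def parse_pasv(reply: str) -> Tuple[str, int]:
    """Extract (host, port) from a 227 reply; raise ValueError on malformed input."""
    if not reply.startswith("227"):
        raise ValueError(f"not a PASV reply: {reply!r}")
    m = _PASV_RE.search(reply)
    if m is None:
        raise ValueError(f"no (h1,h2,h3,h4,p1,p2) tuple in {reply!r}")
    parts = [int(x) for x in m.groups()]
    if any(x > 255 for x in parts):
        raise ValueError(f"octet out of range in {reply!r}")
    host = ".".join(str(x) for x in parts[:4])
    port = parts[4] * 256 + parts[5]
    if port == 0:
        raise ValueError("data port 0 is not usable")
    return host, port


def select_data_endpoint(control_host: str, reply: str,
                         use_pasv_host: bool = False) -> DataEndpoint:
    """Pick the data-channel target. With use_pasv_host=False (the safe default)
    a differing advertised host is ignored and the control host is used instead."""
    adv_host, port = parse_pasv(reply)
    adv_private = ipaddress.ip_address(adv_host).is_private
    if use_pasv_host or adv_host == control_host:
        return DataEndpoint(adv_host, port, adv_host, False, adv_private)
    # Server tried to steer the data connection elsewhere: keep the control host.
    return DataEndpoint(control_host, port, adv_host, True, adv_private)
```

The `overridden` and `advertised_private` fields are what a client would log to notice a server steering data connections toward its internal network.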

Vulnerable Products

apache commons net

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Synopsis: Moderate: Red Hat Integration Camel Extensions for Quarkus 2.13.3 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Integration Camel Extensions for Quarkus 2.13.3 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product S ...
Debian Bug report logs - #1025910 libcommons-net-java: CVE-2021-37533. Package: src:libcommons-net-java; Maintainer for src:libcommons-net-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 11 Dec 2022 20:06:02 UTC; Severity: ...
ZeddYu Lu discovered that the FTP client of Apache Commons Net, a Java client API for basic Internet protocols, trusts the host from the PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information a ...
Description: The MITRE CVE dictionary describes this issue as: Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from the PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information ...
Hitachi Infrastructure Analytics Advisor contains the following vulnerabilities: CVE-2019-10172, CVE-2019-10202, CVE-2021-37533 Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2019-10172, CVE-2019-10202, CVE-2021-37533, CVE-2022-1471, CVE-2023-1370, CVE-2023-26048, CVE-2023-26049 Hitachi Ops Center Analyzer viewpoi ...

Github Repositories

Some utility classes for java (standard edition):

cumin: cumin provides some utility classes for Java (standard edition). Overview: MapUtils - simply creating maps; ExceptionUtils - get a nice mini stack trace, check for exception types in the cause hierarchy; ZipUtils - write data or a string to a zip file; ReflectionUtils - some reflection helpers; AnnotationUtils - gets fields of a class annotated with a particular annotation; ObjectUtils

A modern SFTP client based on JSch

galangal: galangal is a modern SFTP client based on JSch. Documentation: browse the Javadoc of the latest version ('galangal' is well documented there). Installation: <dependency> <groupId>netthk-systemsnetwork</groupId> <artifactId>galangal</artifactId> <version>143&