CVE Vulnerability

CVE-2008-7263

ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://code.google.com/p/pyftpdlib/source/diff?spec=svn348&r=348&format=side&path=/trunk/pyftpdlib/ftpserver.py
http://code.google.com/p/pyftpdlib/issues/detail?id=73
http://code.google.com/p/pyftpdlib/source/detail?r=348
http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
Configurations

Configuration 1

cpe:2.3:a:g.rodola:pyftpdlib:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:g.rodola:pyftpdlib:0.1:*:*:*:*:*:*:*
cpe:2.3:a:g.rodola:pyftpdlib:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*
cpe:2.3:a:g.rodola:pyftpdlib:0.3.0:*:*:*:*:*:*:*
Information

Published : 2010-10-19 08:00

Updated : 2010-10-20 04:00

NVD link : CVE-2008-7263

Mitre link : CVE-2008-7263

Products Affected

G.rodola

CWE
CWE-287