(High)
INFORMATION
 Name | : | CVE-2008-4247 | First Publication | : | 2008-09-25 |
| Severity | : | High | Last Modification | : | 2009-01-29 |
SCORING CVSS v2
| Cvss Base Score | : | 7.5 | Attack Range | : | Network |
| Cvss Impact Score | : | 6.4 | Attack Complexity | : | Low |
| Cvss Expoit Score | : | 10 | Authentification | : | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||||
DETAIL
ftpd in OpenBSD 4.3, FreeBSD 7.0, and NetBSD 4.0 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
