INFORMATION

Name : CVE-2008-5124 First Publication : 2008-11-17
Severity : High Last Modification : 2009-04-14

SCORING CVSS v2

Cvss Base Score : 7.5 Attack Range : Network
Cvss Impact Score : 6.4 Attack Complexity : Low
Cvss Expoit Score : 10 Authentification : None Required

Calculate full CVSS 2.0 Vectors scores

DETAIL

JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks.



CWE COMMON WEAKNESS ENUMERATION

Weakness : CWE-287 - Improper Authentication (From NVD)
CPE COMMON PLATEFORM ENUMERATION (from NVD)


OPEN SOURCE VULNERABILITY DATABASE (OSVDB)

46544 : JSCAPE Secure FTP Applet Host Key Verification Weakness.


SECONDARY(S) SOURCE(S)


Source : BID
Url : http://www.securityfocus.com/bid/29882

Source : BUGTRAQ
Url : http://www.securityfocus.com/archive/1/archive/1/493569/100/0/threaded
Url : http://www.securityfocus.com/archive/1/archive/1/493652/100/0/threaded

Source : CONFIRM
Url : http://www.jscape.com/sftpapplet/docs/HTML/index.html?introhistory.html

Source : SECTRACK
Url : http://www.securitytracker.com/id?1020346

Source : SECUNIA
Url : http://secunia.com/advisories/30822

Source : SREASON
Url : http://securityreason.com/securityalert/4606

Source : VUPEN
Url : http://www.vupen.com/english/advisories/2008/1919/references

Source : XF
Url : http://xforce.iss.net/xforce/xfdb/43300