This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Vim First view 2008-10-22
Product Netrw Last view 2008-10-22
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:vim:netrw:121:*:*:*:*:*:*:* 1
cpe:2.3:a:vim:netrw:123:*:*:*:*:*:*:* 1
cpe:2.3:a:vim:netrw:115:*:*:*:*:*:*:* 1
cpe:2.3:a:vim:netrw:128:*:*:*:*:*:*:* 1
cpe:2.3:a:vim:netrw:114:*:*:*:*:*:*:* 1
cpe:2.3:a:vim:netrw:131:*:*:*:*:*:*:* 1
cpe:2.3:a:vim:netrw:113:*:*:*:*:*:*:* 1
cpe:2.3:a:vim:netrw:120:*:*:*:*:*:*:* 1
cpe:2.3:a:vim:netrw:118:*:*:*:*:*:*:* 1
cpe:2.3:a:vim:netrw:110:*:*:*:*:*:*:* 1
cpe:2.3:a:vim:netrw:111:*:*:*:*:*:*:* 1
cpe:2.3:a:vim:netrw:122:*:*:*:*:*:*:* 1
cpe:2.3:a:vim:netrw:109:*:*:*:*:*:*:* 1
cpe:2.3:a:vim:netrw:112:*:*:*:*:*:*:* 1
cpe:2.3:a:vim:netrw:116:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
4.3 2008-10-22 CVE-2008-4677

autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately."

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-255 Credentials Management

Open Source Vulnerability Database (OSVDB)

id Description
47458 Vim Netrw Plugin FTP Credentials Remote Disclosure

OpenVAS Exploits

id Description
2009-10-10 Name : SLES9: Security update for ViM
File : nvt/sles9p5044520.nasl
2009-04-09 Name : Mandriva Update for vim MDVSA-2008:236 (vim)
File : nvt/gb_mandriva_MDVSA_2008_236.nasl
2009-04-09 Name : Mandriva Update for vim MDVSA-2008:236-1 (vim)
File : nvt/gb_mandriva_MDVSA_2008_236_1.nasl
2009-03-31 Name : SuSE Security Summary SUSE-SR:2009:007
File : nvt/suse_sr_2009_007.nasl

Nessus® Vulnerability Scanner

id Description
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12360.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_gvim-090225.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_gvim-090225.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-236.nasl - Type: ACT_GATHER_INFO
2009-03-13 Name: The remote openSUSE host is missing a security update.
File: suse_gvim-6023.nasl - Type: ACT_GATHER_INFO