10 - CVE-2015-3306

Executive Summary

Informations
Name	CVE-2015-3306	First vendor Publication	2015-05-18
Vendor	Cve	Last vendor Modification	2021-05-26

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-284	Access Control (Authorization) Issues

CPE : Common Platform Enumeration

Type	Description	Count
Application	Proftpd cpe:2.3:a:proftpd:proftpd:1.3.5:::::::*	1

SAINT Exploits

Description	Link
ProFTPD mod_copy command execution	More info here

Snort® IPS/IDS

Date	Description
2015-06-17	ProFTPD mod_copy unauthenticated file copy attempt RuleID : 34447 - Revision : 4 - Type : POLICY-OTHER
2015-05-28	ProFTPD mod_copy remote code execution attempt RuleID : 34225 - Revision : 5 - Type : PROTOCOL-FTP

Nessus® Vulnerability Scanner

Date	Description
2015-06-16	Name : The remote host is running a ProFTPD module that is affected by an informatio... File : proftpd_1_3_5_info_disc.nasl - Type : ACT_ATTACK
2015-06-12	Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-410.nasl - Type : ACT_GATHER_INFO
2015-05-21	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_d0034536ff2411e4a072d050996490d0.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3263.nasl - Type : ACT_GATHER_INFO
2015-05-11	Name : The remote Fedora host is missing a security update. File : fedora_2015-7086.nasl - Type : ACT_GATHER_INFO
2015-05-04	Name : The remote Fedora host is missing a security update. File : fedora_2015-6401.nasl - Type : ACT_GATHER_INFO
2015-05-04	Name : The remote Fedora host is missing a security update. File : fedora_2015-7164.nasl - Type : ACT_GATHER_INFO
2015-04-22	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2015-111-12.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/74238
DEBIAN	http://www.debian.org/security/2015/dsa-3263
EXPLOIT-DB	https://www.exploit-db.com/exploits/36742/ https://www.exploit-db.com/exploits/36803/
FEDORA	http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157581.html
MISC	http://packetstormsecurity.com/files/131505/ProFTPd-1.3.5-File-Copy.html http://packetstormsecurity.com/files/131555/ProFTPd-1.3.5-Remote-Command-Exec... http://packetstormsecurity.com/files/131567/ProFTPd-CPFR-CPTO-Proof-Of-Concep... http://packetstormsecurity.com/files/132218/ProFTPD-1.3.5-Mod_Copy-Command-Ex... http://packetstormsecurity.com/files/162777/ProFTPd-1.3.5-Remote-Command-Exec... http://www.rapid7.com/db/modules/exploit/unix/ftp/proftpd_modcopy_exec
SUSE	http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-27 00:23:09	Multiple Updates
2021-05-04 12:39:38	Multiple Updates
2021-04-22 01:48:30	Multiple Updates
2020-05-23 13:17:07	Multiple Updates
2020-05-23 00:45:09	Multiple Updates
2017-01-03 09:23:17	Multiple Updates
2016-12-31 09:24:30	Multiple Updates
2016-12-22 09:23:58	Multiple Updates
2016-12-03 09:24:13	Multiple Updates
2016-07-21 12:06:24	Multiple Updates
2015-06-25 21:26:29	Multiple Updates
2015-06-17 21:26:36	Multiple Updates
2015-06-17 13:31:58	Multiple Updates
2015-06-13 13:28:20	Multiple Updates
2015-06-09 21:26:33	Multiple Updates
2015-06-04 09:28:11	Multiple Updates
2015-05-29 21:25:53	Multiple Updates
2015-05-28 21:26:34	Multiple Updates
2015-05-22 13:29:27	Multiple Updates
2015-05-21 13:32:22	Multiple Updates
2015-05-19 21:30:54	Multiple Updates
2015-05-18 21:28:52	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	1
Sources(s)	14
Saint Exploit(s)	1
Snort® Rule(s)	2
Nessus® Exploit(s)	8

	Related
10	DSA-3263
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

10 - CVE-2015-3306

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

SAINT Exploits

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU