Vulnerability Description
Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jftpgw | Jftpgw | 0.13 |
References
- http://www.debian.org/security/2004/dsa-510PatchVendor Advisory
- http://www.securityfocus.com/bid/10438PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16271
- http://www.debian.org/security/2004/dsa-510PatchVendor Advisory
- http://www.securityfocus.com/bid/10438PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16271
FAQ
What is CVE-2004-0448?
CVE-2004-0448 is a vulnerability with a CVSS score of 10.0 (HIGH). Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages.
How severe is CVE-2004-0448?
CVE-2004-0448 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0448?
Check the references section above for vendor advisories and patch information. Affected products include: Jftpgw Jftpgw.