Vulnerability Description
Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Erlang | Erlang\/Otp | r15b03 |
References
- http://advisories.mageia.org/MGASA-2014-0553.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145017.h
- http://seclists.org/oss-sec/2014/q1/163Exploit
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:174
- https://bugzilla.redhat.com/show_bug.cgi?id=1059331
- https://usn.ubuntu.com/3571-1/
- http://advisories.mageia.org/MGASA-2014-0553.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145017.h
- http://seclists.org/oss-sec/2014/q1/163Exploit
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:174
- https://bugzilla.redhat.com/show_bug.cgi?id=1059331
- https://usn.ubuntu.com/3571-1/
FAQ
What is CVE-2014-1693?
CVE-2014-1693 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) c...
How severe is CVE-2014-1693?
CVE-2014-1693 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1693?
Check the references section above for vendor advisories and patch information. Affected products include: Erlang Erlang\/Otp.