Main Vulnerability Database Vulnerabilities #VU70441

#VU70441 Insufficient verification of data authenticity in Apache Commons Net - CVE-2021-37533

Published: December 20, 2022

Vulnerability identifier: #VU70441

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-37533

CWE-ID: CWE-345

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apache Commons Net

Software vendor:
Apache Foundation

Description

The vulnerability allows an attacker to redirect victim to a malicious host.

The vulnerability exists due to the application trusts the host from PASV response by default. A remote attacker can trick the victim into connecting to an attacker controlled FTP server and then redirect the application to another host.

Remediation

Install updates from vendor's website.

External links

https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7
http://www.openwall.com/lists/oss-security/2022/12/03/1
https://issues.apache.org/jira/browse/NET-711

#VU70441 Insufficient verification of data authenticity in Apache Commons Net - CVE-2021-37533

Description

Remediation

External links

Please verify you're human