DEBIAN-CVE-2008-4242

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2008-4242

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2008-4242.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2008-4242

Upstream

CVE-2008-4242

Published

2008-09-25T19:25:18Z

Modified

2025-09-25T00:07:16.560735Z

Summary

[none]

Details

ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

References

https://security-tracker.debian.org/tracker/CVE-2008-4242

Affected packages

Debian:11 / proftpd-dfsg

Package

Name: proftpd-dfsg
Purl: pkg:deb/debian/proftpd-dfsg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.1-15

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / proftpd-dfsg

Package

Name: proftpd-dfsg
Purl: pkg:deb/debian/proftpd-dfsg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.1-15

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / proftpd-dfsg

Package

Name: proftpd-dfsg
Purl: pkg:deb/debian/proftpd-dfsg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.1-15

Ecosystem specific

{
    "urgency": "low"
}

Debian:14 / proftpd-dfsg

Package

Name: proftpd-dfsg
Purl: pkg:deb/debian/proftpd-dfsg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.1-15

Ecosystem specific

{
    "urgency": "low"
}