CVE-2007-1564

Published: Mar 21, 2007Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

Affected (1)

Products: Kde: Konqueror

Kde

1 product

Konqueror

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kde Konqueror	Version 3.5.5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (26)

http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf

Source: cve@mitre.org

http://secunia.com/advisories/24889

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27108

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1017801

Source: cve@mitre.org

http://www.kde.org/info/security/advisory-20070326-1.txt

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2007:072

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2007_6_sr.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0909.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/23091

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-447-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/1076

Source: cve@mitre.org

Vendor Advisory

https://issues.rpath.com/browse/RPL-1201

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10646

Source: cve@mitre.org

http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf