← Back

CVE-2011-1575

nvd nist
Published: May 23, 2011Modified: Apr 29, 2026

JSON object

Loading...
5.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:N
Exploitability: 8.6 / Impact: 4.9
Source: NVD

Description

The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Affected (87)

Products: Pureftpd: Pure Ftpd
Pureftpd
1 product
Pure Ftpd
Configuration A
87 vulnerable
Vulnerable SoftwareAffected Versions
Pureftpd
Pure Ftpd
Up to 1.0.29
Pure Ftpd
Version 0.90
Pure Ftpd
Version 0.91
Pure Ftpd
Version 0.92
Pure Ftpd
Version 0.93
Pure Ftpd
Version 0.94
Pure Ftpd
Version 0.95-pre1
Pure Ftpd
Version 0.95-pre2
Pure Ftpd
Version 0.95-pre3
Pure Ftpd
Version 0.95-pre4
Pure Ftpd
Version 0.95.1
Pure Ftpd
Version 0.95.2
Pure Ftpd
Version 0.95
Pure Ftpd
Version 0.96.1
Pure Ftpd
Version 0.96
Pure Ftpd
Version 0.96pre1
Pure Ftpd
Version 0.97-final
Pure Ftpd
Version 0.97.1
Pure Ftpd
Version 0.97.2
Pure Ftpd
Version 0.97.3
Pure Ftpd
Version 0.97.4
Pure Ftpd
Version 0.97.5
Pure Ftpd
Version 0.97.6
Pure Ftpd
Version 0.97.7
Pure Ftpd
Version 0.97.7pre1
Pure Ftpd
Version 0.97.7pre2
Pure Ftpd
Version 0.97.7pre3
Pure Ftpd
Version 0.97pre1
Pure Ftpd
Version 0.97pre2
Pure Ftpd
Version 0.97pre3
Pure Ftpd
Version 0.97pre4
Pure Ftpd
Version 0.97pre5
Pure Ftpd
Version 0.98-final
Pure Ftpd
Version 0.98.1
Pure Ftpd
Version 0.98.2
Pure Ftpd
Version 0.98.2a
Pure Ftpd
Version 0.98.3
Pure Ftpd
Version 0.98.4
Pure Ftpd
Version 0.98.5
Pure Ftpd
Version 0.98.6
Pure Ftpd
Version 0.98.7
Pure Ftpd
Version 0.98pre1
Pure Ftpd
Version 0.98pre2
Pure Ftpd
Version 0.99.1
Pure Ftpd
Version 0.99.1a
Pure Ftpd
Version 0.99.1b
Pure Ftpd
Version 0.99.2
Pure Ftpd
Version 0.99.2a
Pure Ftpd
Version 0.99.3
Pure Ftpd
Version 0.99.4
Pure Ftpd
Version 0.99.9
Pure Ftpd
Version 0.99
Pure Ftpd
Version 0.99a
Pure Ftpd
Version 0.99b
Pure Ftpd
Version 0.99pre1
Pure Ftpd
Version 0.99pre2
Pure Ftpd
Version 1.0.0
Pure Ftpd
Version 1.0.10
Pure Ftpd
Version 1.0.11
Pure Ftpd
Version 1.0.12
Pure Ftpd
Version 1.0.13a
Pure Ftpd
Version 1.0.14
Pure Ftpd
Version 1.0.15
Pure Ftpd
Version 1.0.16a
Pure Ftpd
Version 1.0.16b
Pure Ftpd
Version 1.0.16c
Pure Ftpd
Version 1.0.17
Pure Ftpd
Version 1.0.17a
Pure Ftpd
Version 1.0.18
Pure Ftpd
Version 1.0.19
Pure Ftpd
Version 1.0.1
Pure Ftpd
Version 1.0.20
Pure Ftpd
Version 1.0.21
Pure Ftpd
Version 1.0.22
Pure Ftpd
Version 1.0.24
Pure Ftpd
Version 1.0.25
Pure Ftpd
Version 1.0.26
Pure Ftpd
Version 1.0.27
Pure Ftpd
Version 1.0.28
Pure Ftpd
Version 1.0.2
Pure Ftpd
Version 1.0.3
Pure Ftpd
Version 1.0.4
Pure Ftpd
Version 1.0.5
Pure Ftpd
Version 1.0.6
Pure Ftpd
Version 1.0.7
Pure Ftpd
Version 1.0.8
Pure Ftpd
Version 1.0.9

Related CWEs

CWE-399
CWE-399

References (28)

Source: secalert@redhat.com
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Source: secalert@redhat.com
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch

Timeline

No history available yet.