Skip to main content

Proftpd CVE-2019-12815

CRITICAL
Improper Handling of Exceptional Conditions (CWE-755)
2019-07-19 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 19, 2019 - 23:15 nvd
CRITICAL 9.8

DescriptionNVD

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.

AnalysisAI

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-755. An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. Affected products include: Proftpd, Fedoraproject Fedora, Debian Debian Linux, Siemens Simatic Cp 1543-1 Firmware. Version information: up to 1.3.5.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-3306 CRITICAL POC
10.0 May 18

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

CVE-2026-42167 HIGH POC
8.1 Apr 28

mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where

CVE-2023-51713 HIGH POC
7.5 Dec 22

make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandl

CVE-2019-18217 HIGH POC
7.5 Oct 21

ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handl

CVE-2013-4359 MEDIUM POC
5.0 Sep 30

Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of serv

CVE-2020-9273 HIGH
8.8 Feb 20

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. Rated high severi

CVE-2026-35025 HIGH
8.6 Jun 24

Directory ACL bypass in ProFTPD (through 1.3.9b and 1.3.10rc2) lets authenticated FTP users reach files inside DenyAll-p

CVE-2016-3125 HIGH
7.5 Apr 05

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile direct

CVE-2020-9272 HIGH
7.5 Feb 20

ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. Rated hi

CVE-2019-19272 HIGH
7.5 Nov 26

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Rated high severity (CVSS 7.5), this vulnerability is

CVE-2019-19271 HIGH
7.5 Nov 26

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Rated high severity (CVSS 7.5), this vulnerability is

Share

CVE-2019-12815 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy