CVE-2004-0448

Description

Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages.

Affected Software
References

Software	From	Fixed in
jftpgw / jftpgw	0.13	0.13.x
jftpgw / jftpgw	0.13.1	0.13.1.x
jftpgw / jftpgw	0.13.2	0.13.2.x
jftpgw / jftpgw	0.13.3	0.13.3.x

http://www.debian.org/security/2004/dsa-510
http://www.securityfocus.com/bid/10438
https://exchange.xforce.ibmcloud.com/vulnerabilities/16271

Severity: High

CVE: CVE-2004-0448
Published: Dec 6, 2004
Updated: Apr 13, 2023
Exploit:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CVE-2004-0448

Description

Details

CVSS v2