Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Commons Net's FTP client trusts the host from PASV response by default
Vulnerability Description
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Apache Commons Net 输入验证错误漏洞
Vulnerability Description
Apache Commons Net是美国阿帕奇(Apache)公司的一个库。实现了许多基本 Internet 协议的客户端。 Apache Commons Net 3.9.0之前版本存在输入验证错误漏洞,该漏洞源于Net 的 FTP 客户端默认信任来自 PASV 响应的主机,恶意服务器可以重定向 Commons Net 代码以使用不同的主机,但用户必须首先连接到恶意服务器,导致有关在客户端专用网络上运行的服务的信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A