CVE-2019-19270

{"id": "CVE-2019-19270", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-11-26T04:15:12.950", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html", "source": "cve@mitre.org"}, {"url": "https://github.com/proftpd/proftpd/issues/859", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGBBCPLJSDPFG5EI5P5G7P4KEX7YSD5G/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QR65XUHPCRU3NXTSFVF2J4GWRIHC7AHW/", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server."}, {"lang": "es", "value": "Se detect\u00f3 un problema en la funci\u00f3n tls_verify_crl en ProFTPD versiones hasta 1.3.6b. Un fallo en la comprobaci\u00f3n del campo apropiado de una entrada de CRL (verificando dos veces por tema, en lugar de una vez por tema y una vez por emisor), impide tener en cuenta algunas CRL v\u00e1lidas y puede permitir que clientes cuyos certificados han sido revocados contin\u00faen con una conexi\u00f3n en el servidor."}], "lastModified": "2023-11-07T03:07:36.893", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8267809-FDF5-459D-B34D-8CFF65B03A22", "versionEndIncluding": "1.3.5"}, {"criteria": "cpe:2.3:a:proftpd:proftpd:1.3.6:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47526BA5-3955-43B3-8EA4-5C29DDA3F9C7"}, {"criteria": "cpe:2.3:a:proftpd:proftpd:1.3.6:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FC30FC2-1DEB-4CA7-922C-EA94E895E978"}, {"criteria": "cpe:2.3:a:proftpd:proftpd:1.3.6:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F41C633-216D-4A8C-BAA6-940452751735"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}