CVE-2019-19271

{"id": "CVE-2019-19271", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-11-26T04:15:13.013", "references": [{"url": "https://github.com/proftpd/proftpd/issues/860", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/proftpd/proftpd/issues/860", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server."}, {"lang": "es", "value": "Se detect\u00f3 un problema en la funci\u00f3n tls_verify_crl en ProFTPD versiones anteriores a 1.3.6. Una variable de iteraci\u00f3n err\u00f3nea, utilizada cuando se comprueba un certificado de cliente contra las entradas de CRL (instaladas por un administrador del sistema), puede causar que se ignoren algunas entradas de CRL y puede permitir que clientes cuyos certificados han sido revocados contin\u00faen con una conexi\u00f3n en el servidor."}], "lastModified": "2024-11-21T04:34:28.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19DF8347-D2E6-4736-849D-F0707FE8E0F3", "versionEndExcluding": "1.3.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}