Search criteria
1 vulnerability found for Server by FileZilla
CVE-2015-10003 (GCVE-0-2015-10003)
Vulnerability from cvelistv5 – Published: 2022-07-17 06:35 – Updated: 2025-04-15 14:04
VLAI?
Title
FileZilla Server PORT confused deputy
Summary
A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. This affects an unknown part of the component PORT Handler. The manipulation leads to unintended intermediary. It is possible to initiate the attack remotely. Upgrading to version 0.9.51 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
4.3 (Medium)
CWE
- CWE-441 - Unintended Intermediary
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FileZilla | Server |
Affected:
0.9.0
Affected: 0.9.1 Affected: 0.9.2 Affected: 0.9.3 Affected: 0.9.4 Affected: 0.9.5 Affected: 0.9.6 Affected: 0.9.7 Affected: 0.9.8 Affected: 0.9.9 Affected: 0.9.10 Affected: 0.9.11 Affected: 0.9.12 Affected: 0.9.13 Affected: 0.9.14 Affected: 0.9.15 Affected: 0.9.16 Affected: 0.9.17 Affected: 0.9.18 Affected: 0.9.19 Affected: 0.9.20 Affected: 0.9.21 Affected: 0.9.22 Affected: 0.9.23 Affected: 0.9.24 Affected: 0.9.25 Affected: 0.9.26 Affected: 0.9.27 Affected: 0.9.28 Affected: 0.9.29 Affected: 0.9.30 Affected: 0.9.31 Affected: 0.9.32 Affected: 0.9.33 Affected: 0.9.34 Affected: 0.9.35 Affected: 0.9.36 Affected: 0.9.37 Affected: 0.9.38 Affected: 0.9.39 Affected: 0.9.40 Affected: 0.9.41 Affected: 0.9.42 Affected: 0.9.43 Affected: 0.9.44 Affected: 0.9.45 Affected: 0.9.46 Affected: 0.9.47 Affected: 0.9.48 Affected: 0.9.49 Affected: 0.9.50 |
Credits
Amit Klein
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:24.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitygalore.com/site3/filezilla_ftp_server_advisory"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.97203"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2015-10003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:12:25.035988Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:04:51.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Server",
"vendor": "FileZilla",
"versions": [
{
"status": "affected",
"version": "0.9.0"
},
{
"status": "affected",
"version": "0.9.1"
},
{
"status": "affected",
"version": "0.9.2"
},
{
"status": "affected",
"version": "0.9.3"
},
{
"status": "affected",
"version": "0.9.4"
},
{
"status": "affected",
"version": "0.9.5"
},
{
"status": "affected",
"version": "0.9.6"
},
{
"status": "affected",
"version": "0.9.7"
},
{
"status": "affected",
"version": "0.9.8"
},
{
"status": "affected",
"version": "0.9.9"
},
{
"status": "affected",
"version": "0.9.10"
},
{
"status": "affected",
"version": "0.9.11"
},
{
"status": "affected",
"version": "0.9.12"
},
{
"status": "affected",
"version": "0.9.13"
},
{
"status": "affected",
"version": "0.9.14"
},
{
"status": "affected",
"version": "0.9.15"
},
{
"status": "affected",
"version": "0.9.16"
},
{
"status": "affected",
"version": "0.9.17"
},
{
"status": "affected",
"version": "0.9.18"
},
{
"status": "affected",
"version": "0.9.19"
},
{
"status": "affected",
"version": "0.9.20"
},
{
"status": "affected",
"version": "0.9.21"
},
{
"status": "affected",
"version": "0.9.22"
},
{
"status": "affected",
"version": "0.9.23"
},
{
"status": "affected",
"version": "0.9.24"
},
{
"status": "affected",
"version": "0.9.25"
},
{
"status": "affected",
"version": "0.9.26"
},
{
"status": "affected",
"version": "0.9.27"
},
{
"status": "affected",
"version": "0.9.28"
},
{
"status": "affected",
"version": "0.9.29"
},
{
"status": "affected",
"version": "0.9.30"
},
{
"status": "affected",
"version": "0.9.31"
},
{
"status": "affected",
"version": "0.9.32"
},
{
"status": "affected",
"version": "0.9.33"
},
{
"status": "affected",
"version": "0.9.34"
},
{
"status": "affected",
"version": "0.9.35"
},
{
"status": "affected",
"version": "0.9.36"
},
{
"status": "affected",
"version": "0.9.37"
},
{
"status": "affected",
"version": "0.9.38"
},
{
"status": "affected",
"version": "0.9.39"
},
{
"status": "affected",
"version": "0.9.40"
},
{
"status": "affected",
"version": "0.9.41"
},
{
"status": "affected",
"version": "0.9.42"
},
{
"status": "affected",
"version": "0.9.43"
},
{
"status": "affected",
"version": "0.9.44"
},
{
"status": "affected",
"version": "0.9.45"
},
{
"status": "affected",
"version": "0.9.46"
},
{
"status": "affected",
"version": "0.9.47"
},
{
"status": "affected",
"version": "0.9.48"
},
{
"status": "affected",
"version": "0.9.49"
},
{
"status": "affected",
"version": "0.9.50"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Amit Klein"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. This affects an unknown part of the component PORT Handler. The manipulation leads to unintended intermediary. It is possible to initiate the attack remotely. Upgrading to version 0.9.51 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unintended Intermediary",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-17T06:35:12.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitygalore.com/site3/filezilla_ftp_server_advisory"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.97203"
}
],
"title": "FileZilla Server PORT confused deputy",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2015-10003",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "FileZilla Server PORT confused deputy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Server",
"version": {
"version_data": [
{
"version_value": "0.9.0"
},
{
"version_value": "0.9.1"
},
{
"version_value": "0.9.2"
},
{
"version_value": "0.9.3"
},
{
"version_value": "0.9.4"
},
{
"version_value": "0.9.5"
},
{
"version_value": "0.9.6"
},
{
"version_value": "0.9.7"
},
{
"version_value": "0.9.8"
},
{
"version_value": "0.9.9"
},
{
"version_value": "0.9.10"
},
{
"version_value": "0.9.11"
},
{
"version_value": "0.9.12"
},
{
"version_value": "0.9.13"
},
{
"version_value": "0.9.14"
},
{
"version_value": "0.9.15"
},
{
"version_value": "0.9.16"
},
{
"version_value": "0.9.17"
},
{
"version_value": "0.9.18"
},
{
"version_value": "0.9.19"
},
{
"version_value": "0.9.20"
},
{
"version_value": "0.9.21"
},
{
"version_value": "0.9.22"
},
{
"version_value": "0.9.23"
},
{
"version_value": "0.9.24"
},
{
"version_value": "0.9.25"
},
{
"version_value": "0.9.26"
},
{
"version_value": "0.9.27"
},
{
"version_value": "0.9.28"
},
{
"version_value": "0.9.29"
},
{
"version_value": "0.9.30"
},
{
"version_value": "0.9.31"
},
{
"version_value": "0.9.32"
},
{
"version_value": "0.9.33"
},
{
"version_value": "0.9.34"
},
{
"version_value": "0.9.35"
},
{
"version_value": "0.9.36"
},
{
"version_value": "0.9.37"
},
{
"version_value": "0.9.38"
},
{
"version_value": "0.9.39"
},
{
"version_value": "0.9.40"
},
{
"version_value": "0.9.41"
},
{
"version_value": "0.9.42"
},
{
"version_value": "0.9.43"
},
{
"version_value": "0.9.44"
},
{
"version_value": "0.9.45"
},
{
"version_value": "0.9.46"
},
{
"version_value": "0.9.47"
},
{
"version_value": "0.9.48"
},
{
"version_value": "0.9.49"
},
{
"version_value": "0.9.50"
}
]
}
}
]
},
"vendor_name": "FileZilla"
}
]
}
},
"credit": "Amit Klein",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. This affects an unknown part of the component PORT Handler. The manipulation leads to unintended intermediary. It is possible to initiate the attack remotely. Upgrading to version 0.9.51 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441 Unintended Intermediary"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securitygalore.com/site3/filezilla_ftp_server_advisory",
"refsource": "MISC",
"url": "http://www.securitygalore.com/site3/filezilla_ftp_server_advisory"
},
{
"name": "https://vuldb.com/?id.97203",
"refsource": "MISC",
"url": "https://vuldb.com/?id.97203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2015-10003",
"datePublished": "2022-07-17T06:35:12.000Z",
"dateReserved": "2022-07-16T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:04:51.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}