CVE-2015-10003

Summary

A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. This affects an unknown part of the component PORT Handler. The manipulation leads to unintended intermediary. It is possible to initiate the attack remotely. Upgrading to version 0.9.51 is able to address this issue. It is recommended to upgrade the affected component.

Affected Software

VendorProductVersion RangeStatus
FileZillaServer0.9.0affected
FileZillaServer0.9.1affected
FileZillaServer0.9.2affected
FileZillaServer0.9.3affected
FileZillaServer0.9.4affected
FileZillaServer0.9.5affected
FileZillaServer0.9.6affected
FileZillaServer0.9.7affected
FileZillaServer0.9.8affected
FileZillaServer0.9.9affected
FileZillaServer0.9.10affected
FileZillaServer0.9.11affected
FileZillaServer0.9.12affected
FileZillaServer0.9.13affected
FileZillaServer0.9.14affected
FileZillaServer0.9.15affected
FileZillaServer0.9.16affected
FileZillaServer0.9.17affected
FileZillaServer0.9.18affected
FileZillaServer0.9.19affected
FileZillaServer0.9.20affected
FileZillaServer0.9.21affected
FileZillaServer0.9.22affected
FileZillaServer0.9.23affected
FileZillaServer0.9.24affected
FileZillaServer0.9.25affected
FileZillaServer0.9.26affected
FileZillaServer0.9.27affected
FileZillaServer0.9.28affected
FileZillaServer0.9.29affected
FileZillaServer0.9.30affected
FileZillaServer0.9.31affected
FileZillaServer0.9.32affected
FileZillaServer0.9.33affected
FileZillaServer0.9.34affected
FileZillaServer0.9.35affected
FileZillaServer0.9.36affected
FileZillaServer0.9.37affected
FileZillaServer0.9.38affected
FileZillaServer0.9.39affected
FileZillaServer0.9.40affected
FileZillaServer0.9.41affected
FileZillaServer0.9.42affected
FileZillaServer0.9.43affected
FileZillaServer0.9.44affected
FileZillaServer0.9.45affected
FileZillaServer0.9.46affected
FileZillaServer0.9.47affected
FileZillaServer0.9.48affected
FileZillaServer0.9.49affected
FileZillaServer0.9.50affected

Weaknesses

  • CWE-441: CWE-441 Unintended Intermediary

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References