This host is running pyftpdlib FTP server and is prone to information disclosure vulnerability.
Successful exploitation will allow attacker to obtain potentially sensitive information about the number of in-progress data connections. Impact Level: Application
Upgrade to pyftpdlib version 0.5.2 or later, For updates refer to http://code.google.com/p/pyftpdlib/downloads/list
The flaw exists beacuse pyftpdlib does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.
ftpserver.py in pyftpdlib before 0.1.1
Updated on 2015-03-25
- SmartFTP Client Information Disclosure Vulnerability
- vsftpd '__tzfile_read()' Function Heap Based Buffer Overflow Vulnerability
- GuildFTPd Directory Traversal
- Ricoh DC Software DL-10 FTP Server 'USER' Command Buffer Overflow Vulnerability
- Surge-FTP Admin Multiple Reflected Cross-site Scripting Vulnerabilities