Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5124

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-5124
Last Modified 14 Apr 2009 01:38:17
Published 17 Nov 2008 07:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5124

Summary

JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks.

Vulnerable Systems

Application

  • Jscape Secure Ftp Applet 1.1

  • Jscape Secure Ftp Applet 1.2

  • Jscape Secure Ftp Applet 1.3

  • Jscape Secure Ftp Applet 1.4

  • Jscape Secure Ftp Applet 1.5

  • Jscape Secure Ftp Applet 1.6

  • Jscape Secure Ftp Applet 2.0

  • Jscape Secure Ftp Applet 2.1

  • Jscape Secure Ftp Applet 2.5

  • Jscape Secure Ftp Applet 2.6

  • Jscape Secure Ftp Applet 3.0

  • Jscape Secure Ftp Applet 3.0.1

  • Jscape Secure Ftp Applet 3.0.2

  • Jscape Secure Ftp Applet 3.0.3

  • Jscape Secure Ftp Applet 3.0.4

  • Jscape Secure Ftp Applet 4.0

  • Jscape Secure Ftp Applet 4.2.0

  • Jscape Secure Ftp Applet 4.3.0

  • Jscape Secure Ftp Applet 4.4.0

  • Jscape Secure Ftp Applet 4.5.0

  • Jscape Secure Ftp Applet 4.6.0

  • Jscape Secure Ftp Applet 4.7

  • Jscape Secure Ftp Applet 4.8.0


References

XF - jscape-certificate-spoofing(43300)

VUPEN - ADV-2008-1919

SECTRACK - 1020346

BID - 29882

BUGTRAQ - 20080625 ERRATA - n.runs-SA-2008.001 - Jscape Secure FTP Applet

BUGTRAQ - 20080623 n.runs-SA-2008.001 - Jscape Secure FTP Applet

CONFIRM - http://www.jscape.com/sftpapplet/docs/HTML/index.html?introhistory.html

SREASON - 4606

SECUNIA - 30822


Last Updated: 27 May 2016 10:48:42