{ "id": "CVE-2014-1693", "sourceIdentifier": "cve@mitre.org", "published": "2014-12-08T11:59:01.860", "lastModified": "2024-11-21T02:04:50.357", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n CRLF en el m\u00f3dulo FTP en Erlang/OTP R15B03 permiten a atacantes dependientes de contexto inyectar comandos FTP arbitrarios a trav\u00e9s de secuencias CRLF en el comando (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, o (18) append_bin." 
} ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL" }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r15b03:*:*:*:*:*:*:*", "matchCriteriaId": "E602B5A2-5C32-456D-90F1-9BDCADA56A53" } ] } ] } ], "references": [ { "url": "http://advisories.mageia.org/MGASA-2014-0553.html", "source": "cve@mitre.org" }, { "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145017.html", "source": "cve@mitre.org" }, { "url": "http://seclists.org/oss-sec/2014/q1/163", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:174", "source": "cve@mitre.org" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059331", "source": "cve@mitre.org" }, { "url": "https://usn.ubuntu.com/3571-1/", "source": "cve@mitre.org" }, { "url": "http://advisories.mageia.org/MGASA-2014-0553.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145017.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://seclists.org/oss-sec/2014/q1/163", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ] }, { "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:174", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059331", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://usn.ubuntu.com/3571-1/", "source": "af854a3a-2127-422b-91ae-364da2661108" } ], "evaluatorComment": "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')" }