DEBIAN-CVE-2008-4247

DEBIAN-CVE-2008-4247 PUBLISHED CVSS 7.099999904632568 HIGH

ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.

Risk Scores

CVSS v4.0

7.099999904632568

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:11	linux-ftpd-ssl	0, 0, 0
Debian:12	linux-ftpd-ssl	0, 0, 0
Debian:11	linux-ftpd	0, 0, 0
Debian:14	linux-ftpd-ssl	, 0.17.27+0.3-2,
Debian:12	linux-ftpd	0, 0, 0

Timeline

Sep 25, 2008 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2008-4247 advisory

Open in Interactive Console →