CVE-2008-1079 - The outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET

CVE-2008-1079

Summary

The outboxWriteUnsent function in FTPThread.class in SendFile.jar for Beehive Software SendFile.NET uses hard-coded credentials for an FTP server, which allows remote attackers to gain privileges.

References

http://secunia.com/advisories/29197
http://securityreason.com/securityalert/3711
http://www.securityfocus.com/archive/1/488947/100/0/threaded
http://www.securityfocus.com/bid/28060
https://exchange.xforce.ibmcloud.com/vulnerabilities/40982

Vulnerable Configurations

cpe:2.3:a:beehive_software:sendfile.net:*:*:*:*:*:*:*:*
cpe:2.3:a:beehive_software:sendfile.net:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-10-2018 - 20:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	28060
bugtraq	20080229 Beehive/SendFile.NET - Secure File Transfer Appliance Hardcoded Credentials
secunia	29197
sreason	3711
xf	sendfile-sendfilejar-weak-security(40982)

Last major update

11-10-2018 - 20:29

Published

04-03-2008 - 18:44

Last modified

11-10-2018 - 20:29