CVE-2015-1419
CVE-2015-1419 is a medium-severity vulnerability in Vsftpd Project Vsftpd with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 7% (93rd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Vsftpd Project Vsftpd
- Published:
- Last modified:
Description
Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
Frequently asked questions
- What is CVE-2015-1419?
- Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
- How severe is CVE-2015-1419?
- CVE-2015-1419 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2015-1419 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 7% (93rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2015-1419?
- CVE-2015-1419 primarily affects Vsftpd Project Vsftpd. In total, 3 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2015-1419?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2015-1419 published?
- CVE-2015-1419 was published on 2015-01-28 and last updated on 2026-06-17.
References
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00023.html
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00041.html
- http://secunia.com/advisories/62415
Affected products (3)
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:a:vsftpd_project:vsftpd:*:*:*:*:*:*:*:*
More vulnerabilities in Vsftpd Project Vsftpd
- CVE-2011-2523 — Critical (CVSS 9.8): vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
- CVE-2021-30047 — High (CVSS 7.5): VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.
- CVE-2021-3618 — High (CVSS 7.4): ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different…
- CVE-2011-0762 — Medium (CVSS 4.0): The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a…