CVE-2012-2999
NONE EPSS 63.5%
Published Oct 4, 201213y ago · Modified Jun 16, 20262w ago
Published Oct 4, 2012 13y ago
Last Modified Jun 16, 2026 2w ago
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify.
Threat Intelligence
EPSS Exploit Probability
63.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-352 Cross-Site Request Forgery (CSRF) Authentication
Affected Products 97
| Vendor | Product | Version | Range |
|---|---|---|---|
| cerberusftp | ftp_server | * | ≤5.0.4.3 |
| cerberusftp | ftp_server | 1.0 | any |
| cerberusftp | ftp_server | 1.01 | any |
| cerberusftp | ftp_server | 1.1 | any |
| cerberusftp | ftp_server | 1.2 | any |
| cerberusftp | ftp_server | 1.02 | any |
| cerberusftp | ftp_server | 1.03 | any |
| cerberusftp | ftp_server | 1.5 | any |
| cerberusftp | ftp_server | 1.05 | any |
| cerberusftp | ftp_server | 1.6 | any |
| cerberusftp | ftp_server | 1.7 | any |
| cerberusftp | ftp_server | 1.22 | any |
| cerberusftp | ftp_server | 1.71 | any |
| cerberusftp | ftp_server | 2.0 | any |
| cerberusftp | ftp_server | 2.0 | any |
| cerberusftp | ftp_server | 2.0 | any |
| cerberusftp | ftp_server | 2.0 | any |
| cerberusftp | ftp_server | 2.0 | any |
| cerberusftp | ftp_server | 2.1 | any |
| cerberusftp | ftp_server | 2.01 | any |
| cerberusftp | ftp_server | 2.02 | any |
| cerberusftp | ftp_server | 2.2 | any |
| cerberusftp | ftp_server | 2.02 | any |
| cerberusftp | ftp_server | 2.2 | any |
| cerberusftp | ftp_server | 2.2 | any |
| cerberusftp | ftp_server | 2.2 | any |
| cerberusftp | ftp_server | 2.3 | any |
| cerberusftp | ftp_server | 2.4 | any |
| cerberusftp | ftp_server | 2.4 | any |
| cerberusftp | ftp_server | 2.4 | any |
| cerberusftp | ftp_server | 2.4 | any |
| cerberusftp | ftp_server | 2.11 | any |
| cerberusftp | ftp_server | 2.11 | any |
| cerberusftp | ftp_server | 2.11 | any |
| cerberusftp | ftp_server | 2.15 | any |
| cerberusftp | ftp_server | 2.15 | any |
| cerberusftp | ftp_server | 2.16 | any |
| cerberusftp | ftp_server | 2.21 | any |
| cerberusftp | ftp_server | 2.22 | any |
| cerberusftp | ftp_server | 2.23 | any |
| cerberusftp | ftp_server | 2.31 | any |
| cerberusftp | ftp_server | 2.32 | any |
| cerberusftp | ftp_server | 2.41 | any |
| cerberusftp | ftp_server | 2.42 | any |
| cerberusftp | ftp_server | 2.43 | any |
| cerberusftp | ftp_server | 2.44 | any |
| cerberusftp | ftp_server | 2.45 | any |
| cerberusftp | ftp_server | 2.46 | any |
| cerberusftp | ftp_server | 2.47 | any |
| cerberusftp | ftp_server | 2.48 | any |
| cerberusftp | ftp_server | 2.49 | any |
| cerberusftp | ftp_server | 2.50 | any |
| cerberusftp | ftp_server | 3.0 | any |
| cerberusftp | ftp_server | 3.0.1 | any |
| cerberusftp | ftp_server | 3.0.2 | any |
| cerberusftp | ftp_server | 3.0.3 | any |
| cerberusftp | ftp_server | 3.0.4 | any |
| cerberusftp | ftp_server | 3.0.5 | any |
| cerberusftp | ftp_server | 3.0.6 | any |
| cerberusftp | ftp_server | 3.0.7 | any |
| cerberusftp | ftp_server | 3.0.7.1 | any |
| cerberusftp | ftp_server | 3.0.8 | any |
| cerberusftp | ftp_server | 3.1 | any |
| cerberusftp | ftp_server | 3.1.0.3 | any |
| cerberusftp | ftp_server | 3.1.0.4 | any |
| cerberusftp | ftp_server | 3.1.0.5 | any |
| cerberusftp | ftp_server | 3.1.1 | any |
| cerberusftp | ftp_server | 3.1.2 | any |
| cerberusftp | ftp_server | 3.1.3 | any |
| cerberusftp | ftp_server | 3.1.3.1 | any |
| cerberusftp | ftp_server | 3.1.4 | any |
| cerberusftp | ftp_server | 4.0.0 | any |
| cerberusftp | ftp_server | 4.0.0.6 | any |
| cerberusftp | ftp_server | 4.0.0.8 | any |
| cerberusftp | ftp_server | 4.0.0.9 | any |
| cerberusftp | ftp_server | 4.0.0.11 | any |
| cerberusftp | ftp_server | 4.0.1 | any |
| cerberusftp | ftp_server | 4.0.1.1 | any |
| cerberusftp | ftp_server | 4.0.2 | any |
| cerberusftp | ftp_server | 4.0.2.2 | any |
| cerberusftp | ftp_server | 5.0.0.0 | any |
| cerberusftp | ftp_server | 5.0.0.1 | any |
| cerberusftp | ftp_server | 5.0.0.2 | any |
| cerberusftp | ftp_server | 5.0.0.3 | any |
| cerberusftp | ftp_server | 5.0.0.4 | any |
| cerberusftp | ftp_server | 5.0.0.5 | any |
| cerberusftp | ftp_server | 5.0.0.6 | any |
| cerberusftp | ftp_server | 5.0.0.7 | any |
| cerberusftp | ftp_server | 5.0.1.0 | any |
| cerberusftp | ftp_server | 5.0.1.1 | any |
| cerberusftp | ftp_server | 5.0.1.2 | any |
| cerberusftp | ftp_server | 5.0.2.0 | any |
| cerberusftp | ftp_server | 5.0.3.0 | any |
| cerberusftp | ftp_server | 5.0.3.1 | any |
| cerberusftp | ftp_server | 5.0.4.0 | any |
| cerberusftp | ftp_server | 5.0.4.1 | any |
| cerberusftp | ftp_server | 5.0.4.2 | any |
References 3
- cerberusftp.com http://www.cerberusftp.com/products/releasenotes.html
- kb.cert.org http://www.kb.cert.org/vuls/id/989684
- securityfocus.com http://www.securityfocus.com/bid/55788
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.