CVE-2019-19271
HIGH EPSS 62.1%
Published Nov 26, 2019 (6y ago) · Modified Jun 17, 2026 (2w ago)
7.5 CVSS 3.1
Description
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability None
Threat Intelligence
EPSS Exploit Probability
62.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-295
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| proftpd | proftpd | * | <1.3.6 |
References 1
- https://github.com/proftpd/proftpd/issues/860
Remediation
- https://github.com/proftpd/proftpd/issues/860