Is CVE-2019-19270 actively exploited?

CVE-2019-19270 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2019-19270?

CVE-2019-19270 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

How do I patch CVE-2019-19270?

Patch guidance is available from proftpd security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2019-19270.

Fix CVE-2019-19270 - HIGH proftpd proftpd

Q: Which products are affected by CVE-2019-19270?

6 products: proftpd proftpd, proftpd proftpd, proftpd proftpd, proftpd proftpd, fedoraproject fedora, and 1 more.

Description

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
Weaknesses: CWE-295

Metadata

Primary Vendor: PROFTPD
Published: 11/26/2019
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

proftpd : proftpdproftpd : proftpdproftpd : proftpdproftpd : proftpdfedoraproject : fedorafedoraproject : fedora

Remediation Guidance

Executive Summary

View on NIST NVD