Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for time_capsule by apple

    CVE-2010-1804 (GCVE-0-2010-1804)

    Vulnerability from nvd – Published: 2010-12-22 01:00 – Updated: 2024-08-07 01:35
    VLAI
    Summary
    Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://support.apple.com/kb/HT4298 x_refsource_CONFIRM
    http://www.securitytracker.com/id?1024907 vdb-entryx_refsource_SECTRACK
    Date Public
    2010-12-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:35:53.664Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "APPLE-SA-2010-12-16-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4298"
              },
              {
                "name": "1024907",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1024907"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-12-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-01-19T10:00:00.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "name": "APPLE-SA-2010-12-16-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4298"
            },
            {
              "name": "1024907",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1024907"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2010-1804",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "APPLE-SA-2010-12-16-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
                },
                {
                  "name": "http://support.apple.com/kb/HT4298",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT4298"
                },
                {
                  "name": "1024907",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1024907"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2010-1804",
        "datePublished": "2010-12-22T01:00:00.000Z",
        "dateReserved": "2010-05-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:35:53.664Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0039 (GCVE-0-2010-0039)

    Vulnerability from nvd – Published: 2010-12-22 01:00 – Updated: 2024-08-07 00:37
    VLAI
    Summary
    The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://support.apple.com/kb/HT4298 x_refsource_CONFIRM
    http://www.securitytracker.com/id?1024907 vdb-entryx_refsource_SECTRACK
    Date Public
    2010-12-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:37:53.172Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "APPLE-SA-2010-12-16-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4298"
              },
              {
                "name": "1024907",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1024907"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-12-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device\u0027s IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-01-19T10:00:00.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "name": "APPLE-SA-2010-12-16-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4298"
            },
            {
              "name": "1024907",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1024907"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2010-0039",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device\u0027s IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "APPLE-SA-2010-12-16-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
                },
                {
                  "name": "http://support.apple.com/kb/HT4298",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT4298"
                },
                {
                  "name": "1024907",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1024907"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2010-0039",
        "datePublished": "2010-12-22T01:00:00.000Z",
        "dateReserved": "2009-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:37:53.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2189 (GCVE-0-2009-2189)

    Vulnerability from nvd – Published: 2010-12-22 01:00 – Updated: 2024-08-07 05:44
    VLAI
    Summary
    The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://support.apple.com/kb/HT4298 x_refsource_CONFIRM
    http://www.securitytracker.com/id?1024907 vdb-entryx_refsource_SECTRACK
    Date Public
    2010-12-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:44:55.182Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "APPLE-SA-2010-12-16-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4298"
              },
              {
                "name": "1024907",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1024907"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-12-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-01-19T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "APPLE-SA-2010-12-16-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4298"
            },
            {
              "name": "1024907",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1024907"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2189",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "APPLE-SA-2010-12-16-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
                },
                {
                  "name": "http://support.apple.com/kb/HT4298",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT4298"
                },
                {
                  "name": "1024907",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1024907"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2189",
        "datePublished": "2010-12-22T01:00:00.000Z",
        "dateReserved": "2009-06-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:44:55.182Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0962 (GCVE-0-2010-0962)

    Vulnerability from nvd – Published: 2010-03-10 22:00 – Updated: 2024-08-07 01:06
    VLAI
    Summary
    The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/509867/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/38543 vdb-entryx_refsource_BID
    http://seclists.org/fulldisclosure/2010/Mar/106 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/archive/1/509974/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2010-03-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:06:52.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "apple-ftpproxy-security-bypass(56701)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56701"
              },
              {
                "name": "20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/509867/100/0/threaded"
              },
              {
                "name": "38543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/38543"
              },
              {
                "name": "20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2010/Mar/106"
              },
              {
                "name": "20100309 Re: Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/509974/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "apple-ftpproxy-security-bypass(56701)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56701"
            },
            {
              "name": "20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/509867/100/0/threaded"
            },
            {
              "name": "38543",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/38543"
            },
            {
              "name": "20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2010/Mar/106"
            },
            {
              "name": "20100309 Re: Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/509974/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-0962",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "apple-ftpproxy-security-bypass(56701)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56701"
                },
                {
                  "name": "20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/509867/100/0/threaded"
                },
                {
                  "name": "38543",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/38543"
                },
                {
                  "name": "20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2010/Mar/106"
                },
                {
                  "name": "20100309 Re: Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/509974/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-0962",
        "datePublished": "2010-03-10T22:00:00.000Z",
        "dateReserved": "2010-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:06:52.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2189 (GCVE-0-2009-2189)

    Vulnerability from cvelistv5 – Published: 2010-12-22 01:00 – Updated: 2024-08-07 05:44
    VLAI
    Summary
    The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://support.apple.com/kb/HT4298 x_refsource_CONFIRM
    http://www.securitytracker.com/id?1024907 vdb-entryx_refsource_SECTRACK
    Date Public
    2010-12-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:44:55.182Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "APPLE-SA-2010-12-16-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4298"
              },
              {
                "name": "1024907",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1024907"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-12-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-01-19T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "APPLE-SA-2010-12-16-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4298"
            },
            {
              "name": "1024907",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1024907"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2189",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "APPLE-SA-2010-12-16-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
                },
                {
                  "name": "http://support.apple.com/kb/HT4298",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT4298"
                },
                {
                  "name": "1024907",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1024907"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2189",
        "datePublished": "2010-12-22T01:00:00.000Z",
        "dateReserved": "2009-06-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:44:55.182Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0039 (GCVE-0-2010-0039)

    Vulnerability from cvelistv5 – Published: 2010-12-22 01:00 – Updated: 2024-08-07 00:37
    VLAI
    Summary
    The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://support.apple.com/kb/HT4298 x_refsource_CONFIRM
    http://www.securitytracker.com/id?1024907 vdb-entryx_refsource_SECTRACK
    Date Public
    2010-12-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:37:53.172Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "APPLE-SA-2010-12-16-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4298"
              },
              {
                "name": "1024907",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1024907"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-12-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device\u0027s IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-01-19T10:00:00.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "name": "APPLE-SA-2010-12-16-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4298"
            },
            {
              "name": "1024907",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1024907"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2010-0039",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device\u0027s IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "APPLE-SA-2010-12-16-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
                },
                {
                  "name": "http://support.apple.com/kb/HT4298",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT4298"
                },
                {
                  "name": "1024907",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1024907"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2010-0039",
        "datePublished": "2010-12-22T01:00:00.000Z",
        "dateReserved": "2009-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:37:53.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1804 (GCVE-0-2010-1804)

    Vulnerability from cvelistv5 – Published: 2010-12-22 01:00 – Updated: 2024-08-07 01:35
    VLAI
    Summary
    Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://support.apple.com/kb/HT4298 x_refsource_CONFIRM
    http://www.securitytracker.com/id?1024907 vdb-entryx_refsource_SECTRACK
    Date Public
    2010-12-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:35:53.664Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "APPLE-SA-2010-12-16-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4298"
              },
              {
                "name": "1024907",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1024907"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-12-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-01-19T10:00:00.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "name": "APPLE-SA-2010-12-16-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4298"
            },
            {
              "name": "1024907",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1024907"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2010-1804",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "APPLE-SA-2010-12-16-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
                },
                {
                  "name": "http://support.apple.com/kb/HT4298",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT4298"
                },
                {
                  "name": "1024907",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1024907"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2010-1804",
        "datePublished": "2010-12-22T01:00:00.000Z",
        "dateReserved": "2010-05-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:35:53.664Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0962 (GCVE-0-2010-0962)

    Vulnerability from cvelistv5 – Published: 2010-03-10 22:00 – Updated: 2024-08-07 01:06
    VLAI
    Summary
    The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/509867/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/38543 vdb-entryx_refsource_BID
    http://seclists.org/fulldisclosure/2010/Mar/106 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/archive/1/509974/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2010-03-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:06:52.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "apple-ftpproxy-security-bypass(56701)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56701"
              },
              {
                "name": "20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/509867/100/0/threaded"
              },
              {
                "name": "38543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/38543"
              },
              {
                "name": "20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2010/Mar/106"
              },
              {
                "name": "20100309 Re: Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/509974/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "apple-ftpproxy-security-bypass(56701)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56701"
            },
            {
              "name": "20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/509867/100/0/threaded"
            },
            {
              "name": "38543",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/38543"
            },
            {
              "name": "20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2010/Mar/106"
            },
            {
              "name": "20100309 Re: Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/509974/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-0962",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "apple-ftpproxy-security-bypass(56701)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56701"
                },
                {
                  "name": "20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/509867/100/0/threaded"
                },
                {
                  "name": "38543",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/38543"
                },
                {
                  "name": "20100304 Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2010/Mar/106"
                },
                {
                  "name": "20100309 Re: Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/509974/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-0962",
        "datePublished": "2010-03-10T22:00:00.000Z",
        "dateReserved": "2010-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:06:52.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }