
CVE-2021-37533 Report - Details, Severity, & Advisories

Twingate Team

Jun 6, 2024

What is CVE-2021-37533?

CVE-2021-37533 is a security vulnerability affecting Apache Commons Net's FTP client prior to version 3.9.0. With a medium severity rating, this vulnerability allows a malicious server to redirect the Commons Net code to use a different host, potentially leading to information leakage about services running on the client's private network.

Who is impacted by this?

Systems using Apache Commons Net's FTP client with versions prior to 3.9.0 are at risk. This includes Debian 10 buster systems using the libcommons-net-java package before version 3.6-1+deb10u1.

What should I do if I’m affected?

If you're affected by the CVE-2021-37533 vulnerability, it's crucial to update your Apache Commons Net to version 3.9.0 or later. This changes the default behavior to ignore the host advertised in PASV responses (as cURL does) and protects your private network information from potential leaks. For Debian users, upgrade the libcommons-net-java package to the appropriate version for your distribution.

  1. Update Apache Commons Net to version 3.9.0 or later.

  2. For Debian users, upgrade the libcommons-net-java package to version 3.6-1+deb11u1 (bullseye) or the corresponding version for your distribution.
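The mitigation above comes down to one rule: the data connection should go to the host the client already connected to, not to whatever host the server puts in its 227 reply. The following added example (written for this report, not code from Apache Commons Net) parses a PASV reply, applies that rule, and reports when a server tried to steer the client elsewhere, which is the event a defender would want logged. The two sample replies are constructed.

```python
import re

# Constructed sample 227 replies (RFC 959 form: 227 ... (h1,h2,h3,h4,p1,p2)).
# "benign" advertises the same host the control connection used;
# "redirect" advertises an internal address, the CVE-2021-37533 scenario.
PASV_REPLIES = {
    "benign": "227 Entering Passive Mode (203,0,113,10,195,80)",
    "redirect": "227 Entering Passive Mode (10,0,0,5,0,22)",
}

_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (host, port) advertised in a 227 reply; raise ValueError if malformed."""
    if not reply.startswith("227"):
        raise ValueError("not a PASV (227) reply: %r" % reply)
    m = _PASV_RE.search(reply)
    if not m:
        raise ValueError("malformed PASV reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in PASV reply: %r" % reply)
    host = ".".join(str(o) for o in fields[:4])
    port = (fields[4] << 8) | fields[5]
    return host, port


def data_endpoint(control_host, reply, trust_pasv_host=False):
    """Pick the (host, port) for the data connection.

    With trust_pasv_host=False (the safe default, matching the 3.9.0 behavior
    described above) the advertised host is ignored and the control-connection
    host is reused; a warning string is returned when the two differ so the
    caller can log the attempted redirect. trust_pasv_host=True reproduces the
    pre-3.9.0 behavior and is shown only for comparison.
    """
    host, port = parse_pasv(reply)
    if trust_pasv_host:
        return host, port, None
    if host != control_host:
        warning = "PASV host %s differs from control host %s; using control host" % (
            host, control_host)
        return control_host, port, warning
    return host, port, None
```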

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2021-37533 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue affects Apache Commons Net's FTP client prior to version 3.9.0 and allows a malicious server to redirect the client to a different host, potentially leading to information leakage about services running on the client's private network. To mitigate the vulnerability, update Apache Commons Net to version 3.9.0 or later.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-20, which involves improper input validation in Apache Commons Net's FTP client.

Learn More

For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or refer to the sources below.
