{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87342?format=json","vulnerability_id":"VCID-jhgz-qc5e-3ugy","summary":"vsftpd: backdoor which opens a shell on port 6200/tcp","aliases":[{"alias":"CVE-2011-2523"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/942355?format=json","purl":"pkg:deb/debian/vsftpd@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vsftpd@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/942356?format=json","purl":"pkg:deb/debian/vsftpd@3.0.3-12?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-u8aq-2qhu-gff5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vsftpd@3.0.3-12%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/942354?format=json","purl":"pkg:deb/debian/vsftpd@3.0.3-13?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-u8aq-2qhu-gff5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vsftpd@3.0.3-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/942358?format=json","purl":"pkg:deb/debian/vsftpd@3.0.5-0.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vsftpd@3.0.5-0.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/942357?format=json","purl":"pkg:deb/debian/vsftpd@3.0.5-0.5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vsftpd@3.0.5-0.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1113721?format=json","purl":"pkg:deb/debian/vsftpd@3.0.5-0.6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/vsftpd@3.0.5-0.6%3Fdistro=trixie"}],"affected_packages":[],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2523.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2523.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2523","reference_id":"","reference_type":"","scores":[{"value":"0.94265","scoring_system":"epss","scoring_elements":"0.99935","published_at":"2026-04-01T12:55:00Z"},{"value":"0.94265","scoring_system":"epss","scoring_elements":"0.99936","published_at":"2026-04-21T12:55:00Z"},{"value":"0.94265","scoring_system":"epss","scoring_elements":"0.99937","published_at":"2026-05-15T12:55:00Z"},{"value":"0.94265","scoring_system":"epss","scoring_elements":"0.99938","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2523"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1778781","reference_id":"1778781","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1778781"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/49757.py","reference_id":"CVE-2011-2523","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/49757.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/17491.rb","reference_id":"OSVDB-73573;CVE-2011-2523","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/17491.rb"}],"weaknesses":[{"cwe_id":78,"name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","description":"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component."}],"exploits":[{"date_added":null,"description":"This module exploits a malicious backdoor that was added to the VSFTPD download\n          archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between\n          June 30th 2011 and July 1st 2011 according to the most recent information\n          available. This backdoor was removed on July 3rd 2011.","required_action":null,"due_date":null,"notes":"Reliability:\n  - unknown-reliability\nStability:\n  - unknown-stability\nSideEffects:\n  - unknown-side-effects\n","known_ransomware_campaign_use":false,"source_date_published":"2011-07-03","exploit_type":null,"platform":"Linux,Unix","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb"},{"date_added":"2011-07-05","description":"vsftpd 2.3.4 - Backdoor Command Execution (Metasploit)","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2011-07-05","exploit_type":"remote","platform":"unix","source_date_updated":"2021-04-12","data_source":"Exploit-DB","source_url":""}],"severity_range_score":"8.1 - 8.1","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jhgz-qc5e-3ugy"}