CVE-2019-19665 in FTP Server
Summary
by MITRE
A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 05/11/2025
The vulnerability identified as CVE-2019-19665 represents a cross-site request forgery flaw within the Web File Manager component of Rumpus FTP version 8.2.9.1. This particular weakness resides in the FTP Settings configuration interface, specifically at the RAPR/FTPSettingsSet.html endpoint, where the application fails to properly validate or authenticate user requests originating from external sources. The vulnerability stems from the absence of proper anti-CSRF token implementation or validation mechanisms, allowing malicious actors to craft crafted requests that can be executed without the knowledge or consent of legitimate users who are authenticated within the system. This flaw operates under the Common Weakness Enumeration category CWE-352, which specifically addresses Cross-Site Request Forgery vulnerabilities that enable attackers to perform actions on behalf of authenticated users.
The technical exploitation of this vulnerability occurs when an attacker constructs a malicious web page or email attachment containing embedded requests that target the vulnerable FTP settings endpoint. When an authenticated user visits this malicious page or clicks on the compromised link, the browser automatically submits requests to modify FTP server configurations without requiring additional user interaction or authentication. This scenario creates a dangerous operational risk where attackers can potentially alter critical server parameters such as user access permissions, authentication methods, file transfer protocols, or network configuration settings that control how the FTP server operates. The impact extends beyond simple configuration changes, as these modifications could lead to unauthorized access to sensitive data, disruption of services, or even complete compromise of the FTP server infrastructure.
The operational consequences of this vulnerability are particularly severe given that it affects the core administrative functions of the Rumpus FTP server. Attackers who successfully exploit this weakness can manipulate server settings to redirect file transfers, modify user account permissions, disable security features, or establish backdoor access points. This type of vulnerability aligns with ATT&CK technique T1078 which covers Valid Accounts and T1566 which addresses Phishing, as the exploitation typically requires social engineering to get authenticated users to interact with malicious content. The vulnerability's presence in the RAPR/FTPSettingsSet.html endpoint indicates a lack of proper input validation and request origin verification, creating an attack surface where legitimate administrative functions become weaponized. Organizations relying on Rumpus FTP for file management and transfer operations face significant risk of unauthorized configuration changes that could persist undetected for extended periods, potentially allowing attackers to maintain access and continue compromising system integrity.
Mitigation strategies for this vulnerability require immediate implementation of proper anti-CSRF protection mechanisms including the deployment of unique, unpredictable tokens for each user session that must be validated before any configuration changes are processed. System administrators should implement strict input validation and request origin checking to ensure that all modifications to FTP settings originate from legitimate sources within the application's own interface. Network segmentation and access control measures should be strengthened to limit exposure of administrative interfaces to trusted networks only, while regular security audits should verify that no unauthorized modifications have occurred. Additionally, implementing web application firewalls and monitoring for suspicious request patterns can help detect and prevent exploitation attempts. The vulnerability underscores the critical importance of maintaining up-to-date software versions and applying security patches promptly, as this specific flaw was addressed in subsequent releases of the Rumpus FTP software. Organizations should also consider implementing multi-factor authentication for administrative access and establishing comprehensive logging and monitoring procedures to detect unauthorized configuration changes that could indicate exploitation of similar CSRF vulnerabilities in their infrastructure.