vendor:
WinFTP
by:
(x)dmnt
7.5
CVSS
HIGH
Denial of Service
N/A
CWE
Product Name: WinFTP
Affected Version From: 2.3.2000
Affected Version To: 2.3.2000
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008
WinFTP v2.3.0 DoS exploit
WinFTP v2.3.0 is vulnerable to a Denial of Service attack when an attacker attempts to send data. The exploit code creates a socket connection to the target host on port 21, sends a USER command with the supplied username, a PASS command with the supplied password, a PASV command, a NLST -1 command, and a QUIT command. The socket is then closed.
Mitigation:
Upgrade to the latest version of WinFTP.
