WFTPD Pro Server 3.30.0.1 (pre auth) Multiple Remote Denial of Service Vulnerabilities

vendor:

WFTPD Pro Server

by:

Gjoko 'LiquidWorm' Krstic

7.5

CVSS

HIGH

Denial of Service

CWE

Product Name: WFTPD Pro Server

Affected Version From: 3.30.0.1

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows XP

2009

WFTPD Pro Server 3.30.0.1 (pre auth) Multiple Remote Denial of Service Vulnerabilities

WFTPD Pro Server 3.30.0.1 suffers from multiple remote vulnerabilities which resolves in denial of service. Several commands are vulnerable including: LIST, MLST, NLST, NLST -al, STAT and maybe more.

Mitigation:

Enable the 'Enable Security' configuration option

Source

WFTPD Pro Server 3.30.0.1 (pre auth) Multiple Remote Denial of Service Vulnerabilities

Mitigation:

Exploit-DB raw data: