vendor:
WFTPD
by:
Blue Panda
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: WFTPD
Affected Version From: 2.41
Affected Version To: 2.4.1RC11
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2001
WFTPD versions prior to 2.4.1RC11 Denial of Service Vulnerabilities
WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities. Issuing a STAT command while a LIST is in progress will cause the ftp server to crash. If the REST command is used to write past the end of a file or to a non-existant file (with STOU, STOR, or APPE), the ftp server will crash. If a transfer is in progress and a STAT command is issued, the full path and filename on the server is revealed. If an MLST command is sent without first logging in with USER and PASS, the ftp server will crash.
Mitigation:
Upgrade to WFTPD version 2.4.1RC11 or later.
