WS_FTP Server Path Parsing Remote DoS

high Nessus Plugin ID 14584

Synopsis

The remote FTP server is prone to a denial of service attack.

Description

According to its banner, the version of WS_FTP on the remote host is vulnerable to a remote denial of service.

There is an error in the parsing of file paths. Exploitation of this flaw may cause a vulnerable system to use a large amount of CPU resources.

Solution

Upgrade to WS_FTP Server 5.03 or later.

See Also

https://www.securityfocus.com/archive/1/373420

http://www.ipswitch.com/support/ws_ftp-server/releases/wr503.asp

Plugin Details

Severity: High

ID: 14584

File Name: wsftp_file_path_parsing_dos.nasl

Version: 1.29

Type: remote

Family: FTP

Published: 8/31/2004

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/31/2004

Reference Information

CVE: CVE-2004-1643

BID: 11065