Описание
WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.
Ссылки
- Mailing List
- Broken Link
- Broken Link
- Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
- Third Party AdvisoryVDB Entry
- Mailing List
- Broken Link
- Broken Link
- Broken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:wftpd_pro_server_project:wftpd_pro_server:3.21:r1:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00137
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-193
Связанные уязвимости
CVSS3: 5.5
github
почти 4 года назад
WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.
EPSS
Процентиль: 34%
0.00137
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-193