CVE-2006-6565 - FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wi

CVE-2006-6565

Summary

FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.

References

Vulnerable Configurations

cpe:2.3:a:filezilla-project:filezilla_server:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.21:*:*:*:*:*:*:*
cpe:2.3:a:filezilla-project:filezilla_server:0.9.21:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 28-07-2020 - 16:36)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:P

refmap via4

confirm	http://sourceforge.net/project/shownotes.php?release_id=470364&group_id=21558
exploit-db	2914
vupen	ADV-2006-4937
xf	filezilla-commands-dos(30853)

Last major update

28-07-2020 - 16:36

Published

15-12-2006 - 11:28

Last modified

28-07-2020 - 16:36