- Home
- CVEs with nessus.description==According to its self-reported version number, the instance of vsftpd listening on the remote server is earlier than 2.3.3 and, as such, may be affected by a denial of service vulnerability.
An error exists in the function 'vsf_filename_passes_filter()' in 'ls.c' that allows resource intensive glob expressions to be processed with the 'STAT' command. Using numerous IP addresses to bypass an FTP-sessions-per-IP-address limit, a remote attacker can carry out a denial of service attack.
Note that Nessus did not actually test for the flaw but instead has relied on the version in vsftpd's banner.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top