CVE-2005-3294 - Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a de

CVE-2005-3294

Summary

Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also affected.

References

Vulnerable Configurations

cpe:2.3:a:typsoft:typsoft_ftp_server:0.85:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:0.85:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:0.93:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:0.93:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:0.95:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:0.95:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:0.96:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:0.96:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:0.97:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:0.97:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:0.97.1:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:0.97.1:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:0.99.8:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:0.99.8:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:1.1:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:1.1:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:1.10:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:1.10:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:1.11:*:*:*:*:*:*:*
cpe:2.3:a:typsoft:typsoft_ftp_server:1.11:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 26-01-2011 - 05:00)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	15104
exploit-db	15860
misc	http://www.exploitlabs.com/files/advisories/EXPL-A-2005-016-typsoft-ftpd.txt
osvdb	19992
secunia	17196

Last major update

26-01-2011 - 05:00

Published

23-10-2005 - 21:02

Last modified

26-01-2011 - 05:00