VID 16071
Severity 30
Port 21
Protocol TCP
Class FTP
Detailed Description According to its version number, the WS FTP server is affected by an FTP Bounce vulnerability and a PASV mode session hijacking vulnerability.
WS FTP Server, developed by Ipswitch, is an FTP server for Microsoft Windows platforms. WS FTP version 3.13 and earlier are affected by the following two vulnerabilities:

- PASV mode session hijacking vulnerability: When a user establishes a PASV connection with the FTP server, a remote attacker could connect to the same FTP port to hijack the session and gain unauthorized access to sensitive information.
- FTP Bounce vulnerability: A remote attacker could perform an FTP bounce attack when a user submits a specially crafted FTP PORT command.

* Note: This check relies solely on the version number of the remote WS FTP server to assess this vulnerability, so the result might be a false positive.

* References:
http://archives.neohapsis.com/archives/bugtraq/2002-10/0367.html

* Platforms Affected:
Ipswitch, Inc., WS_FTP Server 3.13 and earlier
Microsoft Windows Any version
Recommendation Upgrade to the latest version of WS FTP (5.02 or later), available from the Ipswitch WS_FTP server's "Patches & Upgrades" site at http://www.ipswitch.com/support/WS_FTP-Server/patch-upgrades.html
Related URL (CVE)
Related URL 6050,6051 (SecurityFocus)
Related URL 10493,10494 (ISS)