| VID |
16073 |
| Severity |
30 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The WS FTP server, according to its version number, has a Denial of Service Vulnerability.
WS FTP Server, developed by Ipswitch, is an FTP server for Microsoft Windows platforms. WS FTP 5.0.2 and possibly other versions are vulnerable to a Denial of Service attack, caused by a flaw when parsing file paths. By sending a malformed file path through the 'cd' command, a remote authenticated attacker could consume the available CPU resources.
* Note: This check solely relied on the version number of the remote WS FTP server to assess this vulnerability, so this might be a false positive.
* Platforms Affected:
Ipswitch, Inc., WS_FTP Server 5.0.2 and earlier
Microsoft Windows Any version |
| Recommendation |
No upgrade or patch available as of September 2004.
Upgrade to the new version of WS FTP, when new fixed version becomes available from the Ipswitch WS_FTP server's "Patches & Upgrades" site at http://www.ipswitch.com/support/WS_FTP-Server/patch-upgrades.html |
| Related URL |
CVE-2004-1643 (CVE) |
| Related URL |
11065 (SecurityFocus) |
| Related URL |
17155 (ISS) |
|
