CVE-2003-1206

Name of the Vulnerable Software and Affected Versions Crob FTP Server version 2.60.1

Description The issue allows remote attackers to cause a denial of service, resulting in a crash, by utilizing specific sequences in FTP commands. This can be achieved by including %s or %n sequences in the username during the login process or in other FTP commands, such as the dir command.

Recommendations For Crob FTP Server version 2.60.1, as a temporary workaround, consider restricting the use of the username field and other FTP commands to minimize the risk of exploitation. Avoid using the username variable in the affected FTP login endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.