CVE-2004-2318

Name of the Vulnerable Software and Affected Versions: SurgeFTP Server versions 1.0b through 2.2k1

Description: The issue affects the administrative interface of the software, specifically the surgeftpmgr.cgi component. It allows remote attackers to cause a temporary denial of service, resulting in a crash, by sending requests that include two percent (%) signs in the CMD parameter.

Recommendations: For SurgeFTP Server versions 1.0b through 2.2k1, consider restricting access to the surgeftpmgr.cgi interface until a fix is available, and avoid using requests with two percent (%) signs in the CMD parameter to prevent the denial of service.