PT-2004-2549 · Ipswitch · Ws Ftp
Lion
·
Published
2004-08-29
·
Updated
2023-10-11
·
CVE-2004-1643
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
WS FTP version 5.0.2
Description
The issue allows remote authenticated users to cause a denial of service, specifically CPU consumption, by sending a CD command with an invalid path containing a "../" sequence.
Recommendations
For WS FTP version 5.0.2, consider restricting access to the CD command or validating the paths provided in the CD command to prevent CPU consumption. As a temporary workaround, restrict the use of the CD command with "../" sequences until a patch is available.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ws Ftp