PT-2024-1429 · Unknown · Solar Ftp Server
Fernando.Mengali
·
Published
2024-01-21
·
Updated
2024-05-17
·
CVE-2024-1016
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Solar FTP Server versions 2.1.1 through 2.1.2
Description
The issue is related to an uncontrolled resource consumption in the PASV mode of the Solar FTP Server, which can be exploited by a remote attacker to cause a denial of service. The vulnerability affects the PASV Command Handler component and can be initiated remotely.
Recommendations
For Solar FTP Server versions 2.1.1 and 2.1.2, apply a patch to fix this issue.
As a temporary workaround, consider restricting access to the PASV Command Handler until a patch is available.
Exploit
Fix
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Solar Ftp Server