Lucene search

[email protected]CVE-2009-4775

HistoryApr 21, 2010 - 2:30 p.m.

CVE-2009-4775

2010-04-2114:30:00

CWE-134

[email protected]

web.nvd.nist.gov

cve-2009-4775

format string vulnerability

ipswitch ws_ftp professional

denial of service

crash

http response

7 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.014 Low

EPSS

Percentile

86.5%

JSON

Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response.

CPENameOperatorVersion
ipswitch:ws_ftpipswitch ws ftpeq12.0
ipswitch:ws_ftpipswitch ws ftpeq12.0.1

CPE	Name	Operator	Version
ipswitch:ws_ftp	ipswitch ws ftp	eq	12.0
ipswitch:ws_ftp	ipswitch ws ftp	eq	12.0.1

References

docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23

www.exploit-db.com/exploits/9607

www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt

www.securityfocus.com/bid/36297

exchange.xforce.ibmcloud.com/vulnerabilities/53098

7 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.014 Low

EPSS

Percentile

86.5%

JSON

Related for CVE-2009-4775

kaspersky1 openvas2 cvelist1 prion1 nessus1