Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.WSFTP_FILE_PATH_PARSING_DOS.NASL
HistoryAug 31, 2004 - 12:00 a.m.

WS_FTP Server Path Parsing Remote DoS

2004-08-3100:00:00
This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
www.tenable.com
7
JSON

According to its banner, the version of WS_FTP on the remote host is vulnerable to a remote denial of service.

There is an error in the parsing of file paths. Exploitation of this flaw may cause a vulnerable system to use a large amount of CPU resources.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(14584);
 script_version("1.29");

 script_cve_id("CVE-2004-1643");
 script_bugtraq_id(11065);

 script_name(english:"WS_FTP Server Path Parsing Remote DoS");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote FTP server is prone to a denial of service attack." );
 script_set_attribute(attribute:"description", value:
"According to its banner, the version of WS_FTP on the remote host is
vulnerable to a remote denial of service. 

There is an error in the parsing of file paths.  Exploitation of this
flaw may cause a vulnerable system to use a large amount of CPU
resources." );
 script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/373420" );
 script_set_attribute(attribute:"see_also", value:"http://www.ipswitch.com/support/ws_ftp-server/releases/wr503.asp" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to WS_FTP Server 5.03 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/31");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/08/31");
 script_cvs_date("Date: 2018/11/15 20:50:22");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 
 summary["english"] = "Check WS_FTP server version";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 
 script_family(english:"FTP");
 script_dependencie("ftp_anonymous.nasl", "ftpserver_detect_type_nd_version.nasl");
 script_require_ports("Services/ftp", 21);
 
 exit(0);
}

#

include ("ftp_func.inc");

port = get_ftp_port(default: 21);
banner = get_ftp_banner(port:port);
if (! banner) exit(1);

if (egrep(pattern:"WS_FTP Server ([0-4]\.|5\.0\.[0-2][^0-9])", string: banner))
	security_hole(port);

Related

cve 1
openvas 1
cve
cve
CVE-2004-1643
2004-08-29 04:00:00
openvas
openvas
WS FTP Server DoS Vulnerability (Nov 2005)
2005-11-03 00:00:00
JSON
Related for WSFTP_FILE_PATH_PARSING_DOS.NASL
cve1openvas1