CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
Confidence: High
EPSS
Percentile: 92.1%
Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . (dot) and / (slash) characters, which causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow.
Vendor | Product | Version | CPE |
---|---|---|---|
xlight_ftp_server | xlight_ftp_server | 1.25 | cpe:2.3:a:xlight_ftp_server:xlight_ftp_server:1.25:*:*:*:*:*:*:* |
xlight_ftp_server | xlight_ftp_server | 1.41 | cpe:2.3:a:xlight_ftp_server:xlight_ftp_server:1.41:*:*:*:*:*:*:* |
xlight_ftp_server | xlight_ftp_server | 1.45 | cpe:2.3:a:xlight_ftp_server:xlight_ftp_server:1.45:*:*:*:*:*:*:* |
xlight_ftp_server | xlight_ftp_server | 1.52 | cpe:2.3:a:xlight_ftp_server:xlight_ftp_server:1.52:*:*:*:*:*:*:* |