Vulnerability Details CVE-2004-0159
Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.103
EPSS Ranking 92.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017737.html
- http://www.osvdb.org/4029
- http://www.securityfocus.com/bid/9715
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15276
- https://www.debian.org/security/2004/dsa-447
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017737.html
- http://www.osvdb.org/4029
- http://www.securityfocus.com/bid/9715
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15276
- https://www.debian.org/security/2004/dsa-447
Products affected by CVE-2004-0159
-
cpe:2.3:a:samhain_labs:hsftp:1.10
-
cpe:2.3:a:samhain_labs:hsftp:1.11
-
cpe:2.3:a:samhain_labs:hsftp:1.4
-
cpe:2.3:a:samhain_labs:hsftp:1.5
-
cpe:2.3:a:samhain_labs:hsftp:1.6
-
cpe:2.3:a:samhain_labs:hsftp:1.7
-
cpe:2.3:a:samhain_labs:hsftp:1.9