Vulnerability Details CVE-2004-0342
WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.4%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
- http://marc.info/?l=bugtraq&m=107801142924976&w=2
- http://secunia.com/advisories/11001
- http://www.osvdb.org/4116
- http://www.securityfocus.com/bid/9767
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15342
- http://marc.info/?l=bugtraq&m=107801142924976&w=2
- http://secunia.com/advisories/11001
- http://www.osvdb.org/4116
- http://www.securityfocus.com/bid/9767
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15342
Products affected by CVE-2004-0342
-
cpe:2.3:a:wftpd_pro_server_project:wftpd_pro_server:3.21