Vulnerability Details CVE-2004-2318
The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://members.lycos.co.uk/r34ct/main/surge_FTP/surge-ftp.txt
- http://securitytracker.com/id?1008898
- http://www.osvdb.org/3788
- http://www.secunia.com/advisories/10758/
- http://www.securityfocus.com/bid/9554
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15001
- http://members.lycos.co.uk/r34ct/main/surge_FTP/surge-ftp.txt
- http://securitytracker.com/id?1008898
- http://www.osvdb.org/3788
- http://www.secunia.com/advisories/10758/
- http://www.securityfocus.com/bid/9554
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15001
Products affected by CVE-2004-2318
-
cpe:2.3:a:netwin:surgeftp:1.0b
-
cpe:2.3:a:netwin:surgeftp:2.0a
-
cpe:2.3:a:netwin:surgeftp:2.0b
-
cpe:2.3:a:netwin:surgeftp:2.0c
-
cpe:2.3:a:netwin:surgeftp:2.0d
-
cpe:2.3:a:netwin:surgeftp:2.0e
-
cpe:2.3:a:netwin:surgeftp:2.0f
-
cpe:2.3:a:netwin:surgeftp:2.2k1