Denial of Service Vulnerability in Xlight FTP Server by Xlight Software
CVE-2004-0255
Currently unrated
What is CVE-2004-0255?
Xlight FTP Server version 1.52 is susceptible to a denial of service vulnerability that occurs when the log-to-screen functionality is enabled. The issue arises when an attacker sends a specially crafted request containing an excessively long directory path composed of '.' and '/' characters. After the server logs this request, viewing the log file can lead to a crash, potentially triggering a buffer overflow and affecting service availability. Administrators should apply the necessary patches and restrict access to mitigate the risk associated with this vulnerability.
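
To look for the request pattern described above in FTP command logs, the following added example (not part of the advisory and not Xlight code) flags command arguments that are both overlong and made up almost entirely of '.' and '/' characters. The log line format, the thresholds, and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed thresholds (not from the advisory): tune to your environment.
MAX_PATH_LEN = 255       # longest path argument treated as normal
DOT_SLASH_RATIO = 0.9    # share of '.' and '/' that marks a padded path

# Constructed log format: "<timestamp> <client-ip> <COMMAND> <argument>"
LINE_RE = re.compile(r"^(\S+) (\S+) ([A-Za-z]{3,4})(?: (.*))?$")

def is_suspicious_path(arg):
    """True if arg is overlong and built almost entirely from '.' and '/'."""
    if len(arg) <= MAX_PATH_LEN:
        return False
    filler = sum(1 for ch in arg if ch in "./")
    return filler / len(arg) >= DOT_SLASH_RATIO

def scan(lines):
    """Return (client_ip, command, arg_length) for each flagged line."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.rstrip("\r\n"))
        if not m or m.group(4) is None:
            continue  # unparsable line or command without an argument
        _, ip, cmd, arg = m.groups()
        if is_suspicious_path(arg):
            hits.append((ip, cmd.upper(), len(arg)))
    return hits

# Constructed sample lines (documentation IP ranges), not real server logs.
# The command and argument length are arbitrary, not known trigger values.
SAMPLE = [
    "2004-02-10T10:00:01 192.0.2.10 USER anonymous",
    "2004-02-10T10:00:02 192.0.2.10 CWD /pub/releases",
    "2004-02-10T10:00:05 198.51.100.7 CWD " + "./" * 300,
    "2004-02-10T10:00:09 192.0.2.10 RETR " + "a" * 400 + ".iso",
    "2004-02-10T10:00:11 192.0.2.10 PWD",
]

if __name__ == "__main__":
    for ip, cmd, length in scan(SAMPLE):
        print(f"{ip} sent {cmd} with a {length}-byte dot/slash path")
```

The long but ordinary file name in the sample is not flagged, because the check requires both the length and the character-composition conditions to hold.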