Denial of Service Vulnerability in NetWin SurgeFTP Administration Interface
CVE-2008-1052

Currently unrated

Key Information:

Vendor: Netwin
Status: Surgeftp
Vendor: CVE Published:; 27 February 2008

What is CVE-2008-1052?

The administration interface of NetWin SurgeFTP versions 2.3a2 and earlier contains a vulnerability that allows remote attackers to induce a denial of service condition by sending a large integer in the Content-Length HTTP header. This action can cause the server to crash due to a NULL pointer dereference triggered when memory allocation fails, resulting in disrupted service and potential downtime.

References

http://www.securityfocus.com/archive/1/488745/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/29096

third-party-advisoryx_refsource_SECUNIA

http://aluigi.altervista.org/adv/surgeftpizza-adv.txt

x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 27, 2008
Vulnerability Reserved
Feb 27, 2008

Netwin

What is CVE-2008-1052?

References

EPSS Score

Timeline