Denial of Service Vulnerability in NetWin SurgeFTP Administration Interface
CVE-2008-1052

Currently unrated

Key Information:

Vendor

Netwin

Status
Surgeftp
Vendor
CVE Published:
27 February 2008

What is CVE-2008-1052?

The administration interface of NetWin SurgeFTP versions 2.3a2 and earlier contains a vulnerability that allows remote attackers to induce a denial of service condition by sending a large integer in the Content-Length HTTP header. This action can cause the server to crash due to a NULL pointer dereference triggered when memory allocation fails, resulting in disrupted service and potential downtime.

References

http://www.securityfocus.com/archive/1/488745/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/29096
third-party-advisoryx_refsource_SECUNIA
http://aluigi.altervista.org/adv/surgeftpizza-adv.txt
x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.