Vulnerability Details : CVE-2008-6829
Public exploit exists!
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). NOTE: this might be the same issue as CVE-2008-2031.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-6829
Probability of exploitation activity in the next 30 days: 0.41%
Percentile, the proportion of vulnerabilities that are scored at or less: ~71%
Metasploit modules for CVE-2008-6829
- Victory FTP Server 5.0 LIST DoS
  Disclosure Date: 2008-10-24
  First seen: 2020-04-26
  auxiliary/dos/windows/ftp/vicftps50_list
  The Victory FTP Server v5.0 can be brought down by sending a very simple LIST command.
  Authors: kris katterjohn <katterjohn@gmail.com>
CVSS scores for CVE-2008-6829
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2008-6829
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-6829
- http://www.vupen.com/english/advisories/2008/2927
  Vendor Advisory
- https://www.exploit-db.com/exploits/6834
  vicFTP 5.0 - 'LIST' Remote Denial of Service - Windows dos Exploit
Products affected by CVE-2008-6829
- cpe:2.3:a:vicftps:vicftps:5.0:*:*:*:*:*:*:*