Lucene search

Kaspersky LabKLA10225

HistoryApr 21, 2010 - 12:00 a.m.

KLA10225 DoS vulnerability in WS FTP

2010-04-2100:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.6

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON

A format string vulnerability was found in WS FTP. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited remotely via a specially designed format string.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Related products

Ipswitch-WS_FTP-Professional

CVE list

CVE-2009-4775 warning

Solution

Update to latest version

Impacts

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

Ipswitch WS FTP 12 versions 12.1 and earlier

References

statistics.securelist.com/

threats.kaspersky.com/en/product/Ipswitch-WS_FTP-Professional/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.6

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON

Related for KLA10225