CVE-2001-1021

WS_FTP Server 2.02 - Remote Code Execution via Long Arguments to Multiple FTP Commands

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-1021. PoCs published by Reed Arvin, andreas.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in WS_FTP Server 5.03 by sending an overly long RNFR command after authentication. The exploit attempts to crash the service, leading to a denial of service (DoS).

Description

Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Reed Arvin · perldoswindows

https://www.exploit-db.com/exploits/1158

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in WS_FTP Server 5.03 by sending an overly long RNFR command after authentication. The exploit attempts to crash the service, leading to a denial of service (DoS).

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: WS_FTP Server 5.03

Auth required

Prerequisites: Network access to the target FTP server · Valid FTP credentials

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by andreas · perlremotewindows

https://www.exploit-db.com/exploits/21036

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in WS-FTP Server 2.0.2 via the DELE command. It sends a crafted payload with shellcode to achieve remote code execution with SYSTEM privileges.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WS-FTP Server 2.0.2

Auth required

Prerequisites: Network access to the target FTP server · FTP server version 2.0.2 · Anonymous or valid credentials

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/6911

Patch x_refsource_misc

http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html

Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2001-07/0610.html

Scores

EPSS 0.4214

EPSS Percentile 98.5%

Details

Status published

Products (1)

progress/ws_ftp_server 2.0.2

Published Jul 26, 2001

Tracked Since Feb 18, 2026