CVE-2001-1501

ProFTPD 1.2.1 - Denial of Service via Glob Pattern with Wildcards


Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1501. PoCs published by Frank DENIS.

AI-analyzed exploit summary: This exploit targets a denial of service vulnerability in FTP servers by using excessive globbing patterns to exhaust system resources. The script automates the process by sending a malformed 'ls' command with repeated path traversal patterns.

Description

The glob functionality in ProFTPD 1.2.1, and possibly other versions, allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Frank DENIS · bash · remote · linux
https://www.exploit-db.com/exploits/20690

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Multiple FTP servers (unspecified versions)
Auth required
Prerequisites: FTP server with anonymous authentication enabled · No per-user resource usage controls
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2002:005
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/169395

Scores

EPSS 0.3841
EPSS Percentile 98.4%

Details

Status published
Products (1)
proftpd_project/proftpd 1.2.1
Published Dec 31, 2001
Tracked Since Feb 18, 2026