CVE-2004-0342

MEDIUM

WFTPD Pro Server 3.21 Release 1 - DoS

Title source: llm

Description

WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.

References (5)

[Mailing List] http://marc.info/?l=bugtraq&m=107801142924976&w=2

[Broken Link] http://secunia.com/advisories/11001

[Broken Link] http://www.osvdb.org/4116

[Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/9767

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15342

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 33.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-193

Status draft

Affected Products (1)

wftpd_pro_server_project/wftpd_pro_server

Timeline

Published Nov 23, 2004

Tracked Since Feb 18, 2026