CVE-2008-1052

NetWin SurgeFTP <= 2.3a2 - Denial of Service via Large Content-Length Header

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1052. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary: This exploit triggers a denial-of-service in SurgeFTP by sending an HTTP request with an excessively large Content-Length value, causing the server to crash due to inadequate boundary checks.

Description

The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Luigi Auriemma · text · dos · windows
https://www.exploit-db.com/exploits/31302

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: SurgeFTP 2.3a2
No auth needed
Prerequisites: Network access to the SurgeFTP server
devstral-2 · analyzed Feb 16, 2026

References (6)

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488745/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29096
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/adv/surgeftpizza-adv.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/40843
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3704
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27993

Scores

EPSS: 0.0691
EPSS Percentile: 91.5%

Details

CWE: CWE-119
Status: published
Products (1): netwin/surgeftp 2.3a2
Published: Feb 27, 2008
Tracked Since: Feb 18, 2026