CVE-2009-4775

Ipswitch WS_FTP Pro <12.2 - DoS

Title source: llm

Description

Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jeremy Brown · perldoswindows

https://www.exploit-db.com/exploits/9607

View Code ZIP pw:eip

References (5)

[Various Sources] http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23

[Exploit] http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt

[Exploit] http://www.securityfocus.com/bid/36297

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/9607

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/53098

Scores

EPSS 0.1423

EPSS Percentile 94.4%

Details

CWE

CWE-134

Status published

Products (2)

ipswitch/ws_ftp 12.0 (2 CPE variants)

ipswitch/ws_ftp 12.0.1 (2 CPE variants)

Published Apr 21, 2010

Tracked Since Feb 18, 2026