CVE-2017-15269

MEDIUM

PSFTPd 10.0.4 Build 729 - DoS

Title source: llm

Description

The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server.

References (3)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/541518/100/0/threaded

[Third Party Advisory] https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/

Scores

CVSS v3 4.3

EPSS 0.0022

EPSS Percentile 45.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-610

Status published

Products (1)

psftp/psftpd 10.0.4

Published Nov 15, 2017

Tracked Since Feb 18, 2026