CVE-2019-9600

HIGH

The Olive Tree FTP Server < 1.32 - Denial of Service via Connection Flood

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-9600. PoCs published by s4vitar.

AI-analyzed exploit summary This exploit performs a Denial of Service (DoS) attack against FTP Server 1.32 by flooding the target with TCP connections while blocking FIN and RST packets via iptables rules. It requires root privileges to manipulate iptables and spawns multiple threads to sustain the attack.

Description

The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts and drops certain packets.

Exploits (1)

exploitdb WORKING POC
by s4vitar · pythondosandroid
https://www.exploit-db.com/exploits/46464

This exploit performs a Denial of Service (DoS) attack against FTP Server 1.32 by flooding the target with TCP connections while blocking FIN and RST packets via iptables rules. It requires root privileges to manipulate iptables and spawns multiple threads to sustain the attack.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: FTP Server 1.32 (Android)
No auth needed
Prerequisites: root privileges · network connectivity to target · iptables available
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=C8Nz3YmVc_g
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46464

Scores

CVSS v3 7.5
EPSS 0.0830
EPSS Percentile 94.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (1)
theolivetree/ftp_server < 1.32
Published Mar 06, 2019
Tracked Since Feb 18, 2026