CVE-2021-30047

HIGH NUCLEI

vsftpd 3.0.3 - Denial of Service via Connection Limit Exhaustion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-30047. PoCs published by xynmaps. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit performs a Denial of Service (DoS) attack against vsftpd 3.0.3 by flooding the server with multiple FTP connections, exhausting its connection limit. It uses threading to spawn multiple FTP processes, effectively blocking legitimate users from connecting.

Description

VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.

Exploits (1)

exploitdb WORKING POC VERIFIED

by xynmaps · pythonremotemultiple

https://www.exploit-db.com/exploits/49719

View Code ZIP pw:eip

This exploit performs a Denial of Service (DoS) attack against vsftpd 3.0.3 by flooding the server with multiple FTP connections, exhausting its connection limit. It uses threading to spawn multiple FTP processes, effectively blocking legitimate users from connecting.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: vsftpd 3.0.3

No auth needed

Prerequisites: Network access to the target vsftpd server · vsftpd server with no connection rate limiting

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

vsftpd < 3.0.3 - DoS

HIGHVERIFIEDby pussycat0x

Shodan: vsftpd || product:"vsftpd"

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry

https://www.exploit-db.com/exploits/49719

Scores

CVSS v3 7.5

EPSS 0.0307

EPSS Percentile 86.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

Status published

Products (1)

vsftpd_project/vsftpd 3.0.3

Published Aug 22, 2023

Tracked Since Feb 18, 2026