CVE-2021-47865

HIGH

ProFTPD 1.3.7a - Denial of Service via Multiple Simultaneous FTP Connections

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47865. PoCs published by xynmaps.

AI-analyzed exploit summary: This exploit performs a Denial of Service (DoS) attack against ProFTPD 1.3.7a by flooding the server with multiple FTP connections, exhausting its connection limit. It uses threading to spawn multiple FTP processes and includes a timer to restart the attack periodically.

Description

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.

Exploits (1)

exploitdb WORKING POC
by xynmaps · python · dos · multiple
https://www.exploit-db.com/exploits/49697

Classification
Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: ProFTPD 1.3.7a
No auth needed
Prerequisites: Network access to the target ProFTPD server · FTP port (default 21) open and accessible
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory: https://www.exploit-db.com/exploits/49697
Various Sources (product): http://www.proftpd.org/
Issue Tracking: https://github.com/proftpd/proftpd/issues/1298

Scores

CVSS v3 7.5
EPSS 0.0054
EPSS Percentile 41.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-770
Status published
Products (1)
ProFTPD/ProFTPD 1.3.7a
Published Jan 21, 2026
Tracked Since Feb 18, 2026