📦

vsftpd

Vendor: vsftpd_project

Actively Exploited 0 CISA KEV List

PoC / Exploits 2 Code Available

Total RCEs 1 Remote Access

Total CVEs 8 Total Indexed

Avg. EPSS 50.03% Exploit Prob.

Latest CVE CVE-2021-30047 Aug 22

Security Vulnerability Index

Page 1 / 1

7.5 CVSS

CVE-2021-30047

VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.

EPSS: 33.88%

Severity: HIGH

Aug 22, 2023

7.4 CVSS

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

EPSS: 0.61%

Severity: HIGH

Mar 23, 2022

9.8 CVSS

CVE-2011-2523

RCE Exploit Found

vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.

EPSS: 94.28%

Severity: CRITICAL

Nov 27, 2019

5.0 CVSS

CVE-2015-1419

Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.

EPSS: 76.09%

Severity: MEDIUM

Jan 28, 2015

4.0 CVSS

CVE-2011-0762

Exploit Found

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

EPSS: 45.28%

Severity: MEDIUM

Mar 02, 2011

Displaying 5 of 8 Total Entries

Total 1 Sections