📦

vsftpd

Vendor: beasts

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 2 Code Available
Total RCEs 1 Remote Access
Total CVEs 2 Total Indexed
Avg. EPSS 32.09% Exploit Prob.
Latest CVE CVE-2021-30047 Aug 22

Security Vulnerability Index

Page 1 / 1
7.5 CVSS
CVE-2021-30047

VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.

EPSS: 33.88%
7.4 CVSS
CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

EPSS: 0.61%
9.8 CVSS
CVE-2011-2523
RCE Exploit Found

vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.

EPSS: 94.28%
5.0 CVSS
CVE-2015-1419

Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.

EPSS: 76.09%
4.0 CVSS
CVE-2011-0762
Exploit Found

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

EPSS: 45.28%
7.1 CVSS
CVE-2008-2375

Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.

EPSS: 4.21%
5.0 CVSS
CVE-2004-2259

vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant.

EPSS: 1.91%
5.0 CVSS
CVE-2004-0042

vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames.

EPSS: 0.50%