Moderate

CVE-2004-0255 - Unspecified vulnerability in Xlight FTP Server

Publication: 2004-11-23
Summary

Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . (dot) and / (slash) characters, which causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow.

Risk level (CVSS 5)

Moderate

5.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Xlight FTP Server Xlight FTP Server 1.25
  • Xlight FTP Server Xlight FTP Server 1.41
  • Xlight FTP Server Xlight FTP Server 1.45
  • Xlight FTP Server Xlight FTP Server 1.52