WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

• S10 – Denial of Service

EPSS

Score: 0.00137
Percentile: 0.34426

CVSS Scoring

Mapped CWE(s)

• CWE-193 : Off-by-one Error

Affected Products

• cpe:2.3:a:wftpd_pro_server_project:wftpd_pro_server:3.21:r1:*:*:*:*:*:*

← Back to Home