CVE-2008-1052

EPSS 6.8%

The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/31302unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://aluigi.altervista.org/adv/surgeftpizza-adv.txt http://secunia.com/advisories/29096 http://securityreason.com/securityalert/3704 https://exchange.xforce.ibmcloud.com/vulnerabilities/40843 http://www.securityfocus.com/archive/1/488745/100/0/threaded http://www.securityfocus.com/bid/27993