CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-3768

HIGH
8.5
CVSS Severity Score
EPSS Score0.0800%
EPSS Percentile23.98th
Published2007年7月15日
Last Modified2026年4月23日

Vulnerability Description

The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.

Affected Platforms (CPE)

📦
Netwin

Surgeftp

<= 2.3a1

References & Advisories

🔗 http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt
🔗 http://marc.info/?l=full-disclosure&m=118409539009277&w=2
🔗 http://osvdb.org/37909
🔗 http://secunia.com/advisories/26061
🔗 http://securityreason.com/securityalert/2883
🔗 http://www.vupen.com/english/advisories/2007/2528
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/35376
🔗 http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0030.txt

関連する脆弱性情報

CVE-2001-135510.0

Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other ...

CVE-2001-135610.0

NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allow...

CVE-2013-47427.5

Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute ar...

CVE-2008-10526.4

The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon...