Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0187

5 documents5 sources

Severity

10.0CRITICAL

EPSS

8.9%

top 7.42%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Washington University Wu-ftpd

Timeline

PublishedMar 26

Latest updateMay 3

Description

Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDwashington_university/wu-ftpd19 versions+18

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-9469-4325-qwhf: Format string vulnerability in wu-ftp 2↗2022-05-03

▶

CVEList

CVE-2001-0187: Format string vulnerability in wu-ftp 2↗2001-05-07

▶

💥Exploits & PoCs

Exploit-DB

WU-FTPD 2.4.2/2.5/2.6 - Debug Mode Client Hostname Format String↗2001-01-23

▶

📋Vendor Advisories

Red Hat

CVE-2001-0187: Format string vulnerability in wu-ftp 2↗

▶