CVE-2010-20113
published 2025-08-21CVE-2010-20113: EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the…
PriorityP268critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
1.46%
70.3th percentile
EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| easyftp_server_project | easyftp_server | < 1.7.0.12 | 1.7.0.12 |
| kmint21_software | easyftp_server | <= 1.7.0.11 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Alert on HTTP GET requests to /list.html with an abnormally long 'path' parameter value, indicative of a buffer overflow attempt against EasyFTP Server. ↗
- →No authentication is required to trigger this vulnerability; monitor for unauthenticated HTTP GET requests to /list.html on EasyFTP's embedded web server port. ↗
- →The vulnerability is exposed through the embedded web server (HTTP interface), not the FTP port — ensure HTTP traffic to EasyFTP instances is monitored. ↗
- →Prefer staged, ordinal (ORD), or shell payloads when detecting or emulating exploitation, as exploit space is constrained and egghunter techniques are unlikely to be used. ↗
- ·EasyFTP Server versions 1.7.0.11 and earlier are vulnerable; version 1.7.0.12 resolves the issue. The product was subsequently renamed 'UplusFtp' — detections should account for both product names. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/easyftp_list.rbhttps://www.exploit-db.com/exploits/11500https://www.vulncheck.com/advisories/easyftp-server-list-html-stack-buffer-overflowhttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/easyftp_list.rbhttps://www.exploit-db.com/exploits/11500
2025-08-21
Published