CVE-2020-35359
published 2020-12-26
Priority P352 · high · 7.5 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EXPLOIT
EPSS 4.74% (90.7th percentile)
Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pureftpd | pure-ftpd | — | — |
CVSS provenance
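| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |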
GHSA
GHSA-w7rv-vxq3-894m: Pure-FTPd 1
ghsa_unreviewed·2022-05-24
CVE-2020-35359 [HIGH] CWE-770 GHSA-w7rv-vxq3-894m: Pure-FTPd 1
Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit.
OSV
CVE-2020-35359: Pure-FTPd 1
osv·2020-12-26·CVSS 7.5
CVE-2020-35359 [HIGH] CVE-2020-35359: Pure-FTPd 1
Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit.
No detection rules found.
Nuclei
Pure-FTPd 1.0.48 - Denial of Service
nuclei·CVSS 7.5
CVE-2020-35359 [HIGH] Pure-FTPd 1.0.48 - Denial of Service
Pure-FTPd 1.0.48 - Denial of Service
Pure-FTPd 1.0.48 is vulnerable to Denial of Service via exhaustion of connections due to lack of proper connection limits.
Template:
```yaml
id: CVE-2020-35359
info:
  name: Pure-FTPd 1.0.48 - Denial of Service
  author: pussycat0x
  severity: high
  description: |
    Pure-FTPd 1.0.48 is vulnerable to Denial of Service via exhaustion of connections due to lack of proper connection limits.
  impact: |
    Unauthenticated attackers can exhaust available connections due to lack of proper connection limits, causing denial of service by preventing legitimate users from connecting to the FTP server.
  remediation: |
    Update Pure-FTPd to a version newer than 1.0.48 that implements proper connection limits and rate limiting to prevent connection exhaustion attacks.
  classification:
    cvs
```
No writeups or analysis indexed.
2020-12-26
Published