Summary
According to its version number, the remote WS_FTP server is vulnerable to session hijacking during passive connections and to a FTP bounce attack when a user submits a specially crafted FTP command.
OVS only checked the version number in the server banner
Solution
Upgrade to the latest version of this software
Severity
Classification
-
CVE CVE-1999-0017 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
- Open-FTPD Authentication Bypass Vulnerability
- SpoonFTP 'RETR' Command Remote Denial of Service Vulnerability
- Open and Compact FTPD Auth Bypass and Directory Traversal Vulnerabilities
- SolarFTP PASV Command Remote Denial of Service Vulnerability