← Volver a CVEs

CVE-2010-20113

CRITICAL

9.8

Descripcion

EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado8/21/2025

Ultima modificacion9/10/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

easyftp_server_project:easyftp_server

Debilidades (CWE)

CWE-121

Referencias

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/easyftp_list.rb(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/11500(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/easyftp-server-list-html-stack-buffer-overflow(disclosure@vulncheck.com)

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/easyftp_list.rb(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.exploit-db.com/exploits/11500(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.