CVE-2004-0255

Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . (dot) and / (slash) characters, which causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow.

Published: Nov 23, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0255
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
xlight_ftp_server / xlight_ftp_server	1.25	1.25.x
xlight_ftp_server / xlight_ftp_server	1.41	1.41.x
xlight_ftp_server / xlight_ftp_server	1.52	1.52.x
xlight_ftp_server / xlight_ftp_server	1.45	1.45.x

http://marc.info/?l=bugtraq&m=107605633904122&w=2
http://www.securityfocus.com/bid/9585
https://exchange.xforce.ibmcloud.com/vulnerabilities/15064

Vulnerability Database

289,697

CVE-2004-0255