Microsoft IIS FTP Server NLST Command Overflow DoS

Medium Nessus Plugin ID 10118


The remote web server is affected by a denial of service vulnerability.


It is possible to make the IIS FTP server close all the active connections by issuing a too long NLST command, which will make the server crash. An attacker can use this flaw to prevent people from downloading data from your FTP server.


Apply the patch referenced above.

See Also

Plugin Details

Severity: Medium

ID: 10118

File Name: iis_ftp_crash.nasl

Version: $Revision: 1.41 $

Type: remote

Family: FTP

Published: 1999/06/22

Modified: 2017/08/30

Dependencies: 10079, 10092

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:iis

Required KB Items: ftp/login

Vulnerability Publication Date: 1999/01/24

Reference Information

CVE: CVE-1999-0349

BID: 192

MSKB: 188348

OSVDB: 929

MSFT: MS99-003