NETFile FTP/Web Server FTP Bounce Attack

medium Nessus Plugin ID 18295


The remote FTP server is prone to a denial of service attack.


The NETFile FTP/Web server on the remote host is vulnerable to a denial of service attack due to its support of the FXP protocol and its failure to validate the IP address supplied in a PORT command.

Additionally, this issue can be leveraged to bypass firewall rules to connect to arbitrary hosts.


Upgrade to NETFile FTP/Web Server 7.6.0 or later and disable FXP support.

See Also

Plugin Details

Severity: Medium

ID: 18295

File Name: netfile_ftpd_746.nasl

Version: 1.21

Type: remote

Family: FTP

Published: 5/18/2005

Updated: 7/16/2018

Risk Information


Risk Factor: Medium

Score: 6.1


Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:fastream:netfile_ftp_web_server

Required KB Items: ftp/login, ftp/password

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/17/2005

Reference Information

CVE: CVE-2005-1646

BID: 13653