Ipswitch WS_FTP Server < 6.1.1 Multiple Vulnerabilities

Nessus Plugin ID 40771 (high severity)

The remote FTP server is affected by multiple vulnerabilities.


The remote host is running a version of WS_FTP earlier than 6.1.1.
Such versions are reportedly affected by multiple vulnerabilities:

- Improper handling of UDP packets within the FTP log server may allow an attacker to crash the affected service. (CVE-2008-0608)

- There is a buffer overflow vulnerability in the SSH Server service that can be triggered when handling arguments to the 'opendir' command. (CVE-2008-0590)

- An attacker can exploit a vulnerability in the 'FTPLogServer/LogViewer.asp' script to gain access to the log viewing interface. (CVE-2008-5692)


Upgrade to WS_FTP Server 6.1.1 or later.

Plugin Details

Severity: High

ID: 40771

File Name: ws_ftp_server_611.nasl

Version: 1.10

Type: local

Family: FTP

Published: 8/24/2009

Updated: 11/15/2018

Dependencies: ws_ftp_server_detect.nasl

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ipswitch:ws_ftp

Required KB Items: SMB/WS_FTP_Server/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/20/2008

Vulnerability Publication Date: 2/4/2008

Reference Information

CVE: CVE-2008-0590, CVE-2008-0608, CVE-2008-5692, CVE-2008-5693

BID: 27573, 27612, 27654

Secunia: 28753, 28761, 28822

CWE: 20, 119, 287