ID de Prueba:	1.3.6.1.4.1.25623.1.0.902171
Categoría:	Windows
Título:	Ipswitch WS_FTP Professional < 12.2 'HTTP' Response Format String Vulnerability
Resumen:	Ipswitch WS_FTP Professional is prone to a format string; vulnerability.
Descripción:	Summary: Ipswitch WS_FTP Professional is prone to a format string vulnerability. Vulnerability Insight: The flaw is due to error in 'formatted-printing()' function. It fails to properly sanitize user supplied input before passing it as the format specifier. Specifically, the issue presents itself when the client parses specially crafted responses for a malicious HTTP server. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary code in the context of the vulnerable application, failed exploit attempts will likely result in a denial-of-service condition. Affected Software/OS: Ipswitch WS_FTP Professional prior to version 12.2. Note: Versions prior to 12.x were 2006 through 2007 which are assumed to be affected as well. Solution: Update to version 12.2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4775 BugTraq ID: 36297 http://www.securityfocus.com/bid/36297 http://www.exploit-db.com/exploits/9607 http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt XForce ISS Database: wsftp-http-format-string(53098) https://exchange.xforce.ibmcloud.com/vulnerabilities/53098
Copyright	Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.